BSV
$67.45
Vol 48.97m
-6.85%
BTC
$90456
Vol 50359.79m
-0.31%
BCH
$442.81
Vol 692.02m
-7.45%
LTC
$88.49
Vol 1349.3m
-5.6%
DOGE
$0.36
Vol 9559.49m
0.29%
Getting your Trinity Audio player ready...

The bZx team was able to track down the individual who allegedly exploited the platform for $8.1 million on September 13.

https://twitter.com/bZxHQ/status/1305496675474006017

bZx was able to identify the attacker by tracing their on-chain activity. Upon being identified, the attacker returned the funds to bZx. Although the hacker has been identified and the funds have been returned, the bZx team refuses to reveal the attacker’s identity for legal reasons.

The bZx bug bounty

In addition to the attacker returning funds, there was a significant amount of trouble between the bZx team, and the lead engineer at Bitcoin.com, Marc Thalen, the individual who reported the attack vector to bZx before the $8.1 million exploit took place.

At the time of the attack, Thalen posted on Twitter, creating a paper trail of evidence that proves that he was the individual who identified the bug in bZx protocol. Thalen says he created the paper trail because, “far too often teams do not pay out their bounties even though in this scenario the amount at risk was very substantial.”

And just as Thalen expected, he had trouble when it came to receiving a proper payout for identifying the bug. bZx told Thalen that their “independent security panel” reviewed Thalen’s submission and determined that the bug he found was worth a $12,500 payout. Unfortunately, that number does not resemble the numbers that bZx has listed on their bug bounty payout schedule considering how severe the bug Thalen found turned out to be and the impact the bug had on bZx.

“bZx just mentioned on a call it doesn’t feel like it’s worth more than 12.5k as their “independent” panel decided to and they feel like sticking to it. They are not willing to disclose identities of the panel,” said Thalen. “[I’m] really disappointed in bZx.”

But after voicing his thoughts on the bounty payment, continuing the paper trail on Twitter, and a phone call with bZx, the independent security panel decided to pay Thalen a more appropriate sum of $45,000.

“BZX decided to higher the bounty and paid me out,” said Thalen. “I was just paid $45.000 in USDC. Happy to come to a conclusion. I wish the team all the best with their platform and hope that they will incentivise bounty hunters to keep finding bugs.”

Recommended for you

This Week in AI: US, China clash; Amazon eyes in-house chips
China and the U.S. are butting heads anew over trade, while Amazon eyes to become a major player in the...
November 15, 2024
CREATE MORE Act and its impact on emerging tech
Philippine President Ferdinand Marcos Jr. signed the CREATE MORE Act into law, focusing on lowering corporate taxes, simplifying business processes,...
November 15, 2024
Advertisement
Advertisement
Advertisement