BSV
$57.14
Vol 70.17m
-6.86%
BTC
$101733
Vol 98204.47m
-2.46%
BCH
$479.35
Vol 621.22m
-8.42%
LTC
$108.67
Vol 1866.95m
-9.69%
DOGE
$0.35
Vol 6739.55m
-7.01%
Getting your Trinity Audio player ready...

The bZx team was able to track down the individual who allegedly exploited the platform for $8.1 million on September 13.

https://twitter.com/bZxHQ/status/1305496675474006017

bZx was able to identify the attacker by tracing their on-chain activity. Upon being identified, the attacker returned the funds to bZx. Although the hacker has been identified and the funds have been returned, the bZx team refuses to reveal the attacker’s identity for legal reasons.

The bZx bug bounty

In addition to the attacker returning funds, there was a significant amount of trouble between the bZx team, and the lead engineer at Bitcoin.com, Marc Thalen, the individual who reported the attack vector to bZx before the $8.1 million exploit took place.

At the time of the attack, Thalen posted on Twitter, creating a paper trail of evidence that proves that he was the individual who identified the bug in bZx protocol. Thalen says he created the paper trail because, “far too often teams do not pay out their bounties even though in this scenario the amount at risk was very substantial.”

And just as Thalen expected, he had trouble when it came to receiving a proper payout for identifying the bug. bZx told Thalen that their “independent security panel” reviewed Thalen’s submission and determined that the bug he found was worth a $12,500 payout. Unfortunately, that number does not resemble the numbers that bZx has listed on their bug bounty payout schedule considering how severe the bug Thalen found turned out to be and the impact the bug had on bZx.

“bZx just mentioned on a call it doesn’t feel like it’s worth more than 12.5k as their “independent” panel decided to and they feel like sticking to it. They are not willing to disclose identities of the panel,” said Thalen. “[I’m] really disappointed in bZx.”

But after voicing his thoughts on the bounty payment, continuing the paper trail on Twitter, and a phone call with bZx, the independent security panel decided to pay Thalen a more appropriate sum of $45,000.

“BZX decided to higher the bounty and paid me out,” said Thalen. “I was just paid $45.000 in USDC. Happy to come to a conclusion. I wish the team all the best with their platform and hope that they will incentivise bounty hunters to keep finding bugs.”

Recommended for you

How tariffs could reshape America’s digital asset future
Trump's dual promises—to impose punishing tariffs on Chinese imports while making America "the crypto capital of the planet"—are about to...
December 19, 2024
First blockchain-powered fleet in the Philippines launched
The use of blockchain in the Philippines is gaining significant traction with its first blockchain-powered fleet, providing community empowerment and...
December 19, 2024
Advertisement
Advertisement
Advertisement