BSV
$66.01
Vol 103.32m
-14.78%
BTC
$97136
Vol 147708.33m
-2.16%
BCH
$545.11
Vol 1367.21m
-10.28%
LTC
$113.84
Vol 2619.74m
-12.33%
DOGE
$0.4
Vol 16394.5m
-9.3%
Getting your Trinity Audio player ready...

The bZx team was able to track down the individual who allegedly exploited the platform for $8.1 million on September 13.

https://twitter.com/bZxHQ/status/1305496675474006017

bZx was able to identify the attacker by tracing their on-chain activity. Upon being identified, the attacker returned the funds to bZx. Although the hacker has been identified and the funds have been returned, the bZx team refuses to reveal the attacker’s identity for legal reasons.

The bZx bug bounty

In addition to the attacker returning funds, there was a significant amount of trouble between the bZx team, and the lead engineer at Bitcoin.com, Marc Thalen, the individual who reported the attack vector to bZx before the $8.1 million exploit took place.

At the time of the attack, Thalen posted on Twitter, creating a paper trail of evidence that proves that he was the individual who identified the bug in bZx protocol. Thalen says he created the paper trail because, “far too often teams do not pay out their bounties even though in this scenario the amount at risk was very substantial.”

And just as Thalen expected, he had trouble when it came to receiving a proper payout for identifying the bug. bZx told Thalen that their “independent security panel” reviewed Thalen’s submission and determined that the bug he found was worth a $12,500 payout. Unfortunately, that number does not resemble the numbers that bZx has listed on their bug bounty payout schedule considering how severe the bug Thalen found turned out to be and the impact the bug had on bZx.

“bZx just mentioned on a call it doesn’t feel like it’s worth more than 12.5k as their “independent” panel decided to and they feel like sticking to it. They are not willing to disclose identities of the panel,” said Thalen. “[I’m] really disappointed in bZx.”

But after voicing his thoughts on the bounty payment, continuing the paper trail on Twitter, and a phone call with bZx, the independent security panel decided to pay Thalen a more appropriate sum of $45,000.

“BZX decided to higher the bounty and paid me out,” said Thalen. “I was just paid $45.000 in USDC. Happy to come to a conclusion. I wish the team all the best with their platform and hope that they will incentivise bounty hunters to keep finding bugs.”

Recommended for you

Google wants to overturn ruling in case against Epic Games
In December 2023, a jury ruled against Google for antitrust practices, and in October, a judge mandated that the tech...
December 10, 2024
Last Week in AI: Google, OpenAI leads generative AI video creation
This week in the AI space saw Google and OpenAI's race to bring generative AI videos, Intel's CEO resignation, and...
December 9, 2024
Advertisement
Advertisement
Advertisement