AURORA PAYS $6M BUG BOUNTY TO ETHICAL SECURITY HACKER THROUGH IMMUNEFI

Last updated: October 26, 2025, 02:19 | Written by: Tamsin Crowe

Aurora Pays $6M Bug Bounty To Ethical Security Hacker Through Immunefi
Aurora Pays $6M Bug Bounty To Ethical Security Hacker Through Immunefi

In a testament to the evolving landscape of cybersecurity within the crypto world, Aurora, an Ethereum bridging and scaling solution built on the NEAR Protocol, has awarded a staggering $6 million bug bounty to the ethical hacker known as pwning.eth. Aurora pays $6M bug bounty to ethical security hacker through Immunefi Zhiyuan Sun 20 On Tuesday, Ethereum ( ETH ) bridging and scaling solution Aurora announced it had paid out a $6 million bounty to ethical security hacker pwning.eth, who discovered a critical vulnerability in the Aurora Engine.This significant payout, facilitated through Immunefi, a leading bug bounty platform for Web3, highlights the critical importance of proactive security measures in safeguarding decentralized finance (DeFi) ecosystems.The vulnerability discovered by pwning.eth in April could have potentially exposed over $200 million in user funds to malicious actors. On Tuesday, Ethereum bridging and scaling solution Aurora announced it had paid out a $6 million bounty to ethical security hacker pwning.eth, who discovered a critical vulnerability in the Aurora Engine. The exploit allegedly placed over $200 million worth of capital at risk.This incident serves as a stark reminder of the inherent risks associated with emerging technologies and the vital role played by white hat hackers in identifying and mitigating these threats before they can be exploited.The generous bounty not only rewards ethical behavior but also incentivizes further security research and collaboration within the crypto community, fostering a safer and more robust environment for all participants.Aurora's swift response and commitment to transparency demonstrate a mature approach to security, setting a positive example for other projects in the space.

Understanding the Aurora Network and its Vulnerability

Aurora is designed to be a high-performance, EVM (Ethereum Virtual Machine)-compatible blockchain built on the NEAR Protocol.Its primary goal is to offer developers and users a seamless experience when interacting with Ethereum-based applications while benefiting from the scalability and efficiency of NEAR. Wormhole announces $10 million bug bounty payout . The Block. Retrieved . Aurora pays $6M bug bounty to ethical security hacker through Immunefi . Cointelegraph. Retrieved . Immunefi ( ). Immunefi Acquired Klevoya to Strengthen its DeFi Security Products and Services . GlobeNewswire News Room (PressThis allows for faster transaction speeds and lower fees compared to the Ethereum mainnet.The recent vulnerability discovered by pwning.eth, however, underscored the complexities inherent in bridging different blockchain ecosystems. Aurora, an Ethereum (ETH) bridge and scaling solution. Revealed on Tuesday that ethical security hacker pwning. ETH. Had identified a significant vulnerability in the Aurora Engine and had received a $6 million prize. iexclusivenews reports that over $200 million in the capital is said to have been put at risk as a result of the [ ]A flaw in the Aurora Engine, the core component responsible for maintaining EVM compatibility, could have allowed attackers to drain significant amounts of assets held within the network.

The Role of the Aurora Engine

The Aurora Engine is a crucial piece of infrastructure that enables the execution of Ethereum smart contracts on the NEAR Protocol.It translates Ethereum transactions and state changes into a format understandable by the NEAR blockchain. Aurora pays $6M bug bounty to ethical security hacker through ImmunefiAny vulnerability within this engine could have widespread consequences, potentially affecting a large number of decentralized applications (dApps) and users who rely on Aurora for bridging and scaling solutions.

Specifically, the discovered exploit allegedly placed over 200 million dollars worth of capital at risk.The exact nature of the vulnerability has not been fully disclosed to prevent potential exploitation by malicious actors.However, the fact that Aurora acted swiftly to address the issue and reward the ethical hacker demonstrates the seriousness of the threat.

Pwning.eth: The Ethical Hacker and Bug Bounty Hunter

leading hunter analysis
leading hunter analysis

The ethical hacker behind the discovery, known as pwning.eth, is a prominent figure in the cybersecurity community.Their expertise in identifying vulnerabilities in blockchain systems has proven invaluable in safeguarding numerous projects.This particular bug bounty reward solidifies their reputation as a leading white hat hacker in the Web3 space. Aurora, an Ethereum Virtual machine built on the NEAR Protocol, recently paid a $6 million reward to a so-called white hat hacker for identifying a key bug. The hacker, known as pwning.eth, uncovered in April a critical vulnerability in Aurora s system, which could have jeopardized up to $200 million of funds.It’s important to understand that pwning.eth could have chosen to exploit the vulnerability for personal gain, potentially reaping millions of dollars.However, their commitment to ethical hacking and responsible disclosure prevented a potentially devastating attack on the Aurora network and its users.

Why Ethical Hacking Matters

Ethical hacking, also known as white hat hacking, plays a crucial role in securing blockchain systems.Ethical hackers use their skills to identify vulnerabilities and report them to the project developers, allowing them to fix the issues before they can be exploited by malicious actors. On Tuesday, Ethereum (ETH) bridging and scaling solution Aurora announced it had paid out a $6 million bounty to ethical security hacker pwning.eth, who discovered a critical vulnerability in the Aurora Engine. The exploit allegedly placed over $200 million worth of capital at risk. The sum was paid in collaboration with Immunefi, a leading platform [ ]This proactive approach is essential for maintaining the integrity and security of decentralized networks.

  • Proactive Security: Ethical hackers identify vulnerabilities before malicious actors can exploit them.
  • Prevent Financial Losses: Reporting vulnerabilities prevents potential hacks and financial losses for users.
  • Improve System Security: Developers can patch vulnerabilities and improve the overall security of their systems.
  • Build Trust: Demonstrates a commitment to security and builds trust within the community.

Immunefi: Connecting Projects with Security Experts

Key Point: providing experts strategy

Immunefi facilitated the bug bounty payout, acting as a crucial bridge between Aurora and pwning.eth.Immunefi is a leading bug bounty platform focused specifically on Web3 and DeFi. On Tuesday, Ethereum (ETH) bridging and scaling solution Aurora Aurora pays $6M bug bounty to ethical security hacker through Immunefi Facebook Twitter Youtube InstagramThey connect projects with security researchers and ethical hackers, providing a structured framework for vulnerability disclosure and rewarding responsible behavior.

How Immunefi Works

Immunefi provides a platform where blockchain projects can create and manage bug bounty programs.These programs offer financial incentives to ethical hackers who discover and report vulnerabilities. Over $200 million worth of users' funds could have been at risk if the whitehat had chosen to exploit the vulnerability for personal gain instead of reporting it to developers. On Tuesday, Ethereum (ETH) bridging and scaling solution Aurora announced it had paid out a $6 million bounty to ethical security hacker pwning.eth, who discovered a critical vulnerability in the Aurora Engine. TheThe platform also provides a secure channel for communication between hackers and project developers, ensuring that sensitive information is handled responsibly. 2.3M subscribers in the ethtrader community. Welcome to /r/EthTrader, a 100% community driven sub. Here you can discuss Ethereum news, memesThe payout coordinated by Immunefi in this instance is reported to be the second largest reward in crypto history, further solidifying Immunefi’s position as a key player in the Web3 security landscape.

  1. Projects create bug bounty programs: Define the scope and rewards for different types of vulnerabilities.
  2. Ethical hackers identify vulnerabilities: Conduct security audits and penetration testing to find potential weaknesses.
  3. Vulnerabilities are reported: Hackers submit detailed reports through the Immunefi platform.
  4. Projects verify and fix vulnerabilities: Developers review the reports and patch the identified issues.
  5. Rewards are paid out: Immunefi facilitates the payout of bug bounties to ethical hackers.

The Significance of a $6 Million Bug Bounty

The $6 million bug bounty is a significant indicator of the value placed on security within the Aurora ecosystem. Aurora has paid out a $6 million bug bounty to a white hat hacker who warned it of a possible $330 million exploit. ImmuneFi, which coordinated the bounty and payout, says that the amount is the second largest reward in crypto history.It's a clear signal that Aurora is committed to protecting its users' funds and maintaining the integrity of its network. Aurora pays $6M bug bounty to ethical security hacker through Immunefi . news and more. Buy, Sell and Swap bitcoin, ethereum and 350 cryptocurrencies on BitSwapNow.The size of the bounty also reflects the severity of the vulnerability discovered by pwning.eth and the potential financial impact that could have resulted from its exploitation.

The Financial Impact of Exploits

Blockchain exploits can have devastating consequences, resulting in significant financial losses for users and damage to the reputation of the affected project.In some cases, exploits can even lead to the collapse of entire ecosystems. Aurora pays $6M bug bounty to ethical security hacker through Immunefi 8-Jun-2025 Thomas J Ackermann Over $200 million worth of users funds could have been at risk if the whitehat had chosen to exploit the vulnerability for personal gain instead of reporting it to developers.The proactive measures taken by Aurora, including the implementation of a bug bounty program and the swift response to the reported vulnerability, demonstrate a commitment to mitigating these risks.

Consider the following scenarios:

  • DeFi Protocol Hack: Attackers exploit a vulnerability in a DeFi protocol's smart contracts, draining millions of dollars in user funds.
  • Bridge Exploit: A cross-chain bridge is compromised, allowing attackers to steal assets being transferred between different blockchains.
  • Rug Pull: Project developers abandon a project after raising significant amounts of funding, leaving investors with worthless tokens.

Aurora's Perspective on Security and Bug Bounties

ensuring bounties example
ensuring bounties example

Frank Braun, Head of Security at Aurora Labs, emphasized the importance of bug bounty programs as a critical component of a layered defense strategy.He views the program as the last step in protecting the network.Braun has stated that the team intends to use this incident as a learning opportunity to further strengthen security measures at earlier stages of the development process.

A Layered Defense Approach

A layered defense approach to security involves implementing multiple security measures at different levels of the system. Aurora pays $6M bug bounty to ethical security hacker through Immunefi Aurora bounty bug Ethical hacker ImmuneFi Pays Security CryptonewsThis approach helps to mitigate the risk of a successful attack by ensuring that even if one layer is compromised, other layers are in place to prevent further damage.This layered security includes:

  • Secure Coding Practices: Following industry best practices to write secure code.
  • Code Audits: Engaging third-party security firms to review code for vulnerabilities.
  • Penetration Testing: Simulating attacks to identify weaknesses in the system.
  • Bug Bounty Programs: Incentivizing ethical hackers to find and report vulnerabilities.

The Broader Implications for Web3 Security

The Aurora incident and the subsequent $6 million bug bounty highlight the growing importance of security in the Web3 space.As the adoption of blockchain technology continues to increase, the need for robust security measures becomes even more critical.This incident also underscores the value of bug bounty programs in incentivizing ethical hacking and fostering collaboration between projects and security researchers.

The Future of Bug Bounties

Bug bounty programs are likely to become even more prevalent in the Web3 space as projects recognize the importance of proactive security measures.As the industry matures, we can expect to see bug bounty programs evolve to become more sophisticated and effective.

Here are some potential trends in the future of bug bounties:

  • Increased Reward Sizes: As the value of assets secured by blockchain systems increases, bug bounty rewards are likely to become even larger.
  • More Specialized Programs: We may see the emergence of bug bounty programs focused on specific types of vulnerabilities or specific areas of the codebase.
  • Integration with Security Tools: Bug bounty platforms may integrate with automated security tools to streamline the vulnerability reporting and verification process.

Learning from Aurora's Experience

The Aurora situation presents valuable lessons for other blockchain projects and the wider Web3 community.Prioritizing security, implementing bug bounty programs, and fostering open communication with security researchers are crucial steps towards building a more secure and resilient ecosystem.The incident emphasizes the need for continuous monitoring and improvement of security practices, even after a project has been launched.

Actionable Advice for Web3 Projects

Here's some actionable advice for Web3 projects looking to improve their security posture:

  • Implement a Bug Bounty Program: Create a bug bounty program to incentivize ethical hackers to find and report vulnerabilities. BTCUSD Bitcoin Aurora pays $6M bug bounty to ethical security hacker through ImmunefiConsider using a platform like Immunefi to manage your program.
  • Conduct Regular Security Audits: Engage third-party security firms to conduct regular audits of your codebase.
  • Follow Secure Coding Practices: Ensure that your developers are following industry best practices for secure coding.
  • Implement a Layered Defense Approach: Implement multiple security measures at different levels of your system.
  • Stay Informed: Keep up-to-date with the latest security threats and vulnerabilities in the Web3 space.
  • Be Transparent: Communicate openly with your community about security incidents and the steps you are taking to address them.

Common Questions About Blockchain Security and Bug Bounties

Here are some frequently asked questions about blockchain security and bug bounty programs:

What is a bug bounty program?

A bug bounty program is a program offered by a company or organization that rewards individuals for discovering and reporting vulnerabilities in their systems or software.In the context of blockchain, bug bounty programs incentivize ethical hackers to find and report vulnerabilities in smart contracts, protocols, and other components of the ecosystem.

Why are bug bounty programs important for blockchain projects?

Bug bounty programs are important because they provide a proactive way to identify and address security vulnerabilities before they can be exploited by malicious actors. Aurora pays $6M bug bounty to ethical security hacker through Immunefi 2025 0:03. Aurora pays $6M bug bounty to ethical security hacker through Immunefi.They also help to foster a culture of security within the community.

How much should a blockchain project offer for a bug bounty?

The amount offered for a bug bounty depends on several factors, including the severity of the vulnerability, the potential impact of an exploit, and the overall budget of the project. Over $200 million worth of users' funds could have been at risk if the whitehat had chosen to exploit the vulnerability for personal gain instead of reporting it to developers. On Tuesday, Ethereum (ETH) bridging and scaling solution Aurora announced it had paid out a $6 million bounty to ethicalGenerally, higher rewards are offered for more critical vulnerabilities.

What are the risks of not having a bug bounty program?

The risks of not having a bug bounty program include a higher likelihood of being exploited by malicious actors, potential financial losses for users, and damage to the reputation of the project.

Conclusion: A Win for Security and Collaboration

Aurora's decision to pay a $6 million bug bounty to pwning.eth through Immunefi is a significant victory for security and collaboration in the Web3 space.It demonstrates the importance of proactive security measures, the value of ethical hacking, and the effectiveness of bug bounty programs in safeguarding decentralized ecosystems. Aurora had launched a bug bounty program with Immunefi just one week before discovering the security vulnerability. Meanwhile, Frank Braun, head of security at Aurora Labs, commented: We look at the bug bounty program as the last step in a layered defense approach and will use this bug as a learning opportunity to improve earlier steps, likeThe incident serves as a reminder that security is an ongoing process that requires continuous vigilance and a commitment to collaboration.As the Web3 landscape continues to evolve, it is crucial that projects prioritize security and work together to build a more secure and resilient future.This includes adopting comprehensive security strategies, engaging with the security community, and embracing bug bounty programs as a vital component of their overall security posture.The lessons learned from Aurora's experience should serve as a guide for other projects seeking to protect their users and maintain the integrity of their networks.Key takeaways include the importance of layered security, incentivizing ethical hackers, and utilizing platforms like Immunefi to facilitate bug bounty programs.

Tamsin Crowe can be reached at [email protected].

Comments