Smart-contract security auditor CertiK received a $500,000 bounty for discovering a critical vulnerability in the Sui blockchain, Cointelegraph reports.
Analysts stressed that the bug, dubbed HamsterWheel, differs from traditional exploits. They said a potential attacker could hijack nodes and perform transactions without processing new transactions.
CertiK discovered the vulnerability before the launch of the Sui mainnet in May. The developers acted quickly to fix the bug. A more detailed report from the auditors was promised for publication later.
CertiK’s Chief Security Officer Kan Li said that methods for attacking blockchains are continually evolving. The discovery of HamsterWheel demonstrates the ‘increasing sophistication of threats’, he added.
The company also emphasised the importance of bounty programmes as a preventive measure in cybersecurity.
In May, CertiK said it had frozen $160,000 withdrawn from the Merlin decentralised exchange following an exploit.
In June 2022, the team behind the non-custodial crypto wallet MetaMask, in partnership with HackerOne, launched a vulnerability-bounty initiative for the app.
