A white hat hacker at VC firm Paradigm Ventures may have prevented SushiSwap from losing more than $350 million worth of Ethereum (ETH) after discovering a critical bug on the platform and reporting it to the developers.
According to a post from SushiSwap on Monday, a group of cybersecurity experts, led by crypto investment firm Paradigm’s research partner Samczsun, reached out to the team, alerting them to a vulnerability affecting the BitDAO token sale on the Miso SushiSwap platform, the launchpad for new tokens.
While the sale did go on without a hitch, raising $365 million from over 9200 participants, it all could have gone very wrong.
After discovering the bug, Sam investigated further and found that what was initially thought to be a minor bug was a vulnerability that could enable hackers to steal over $350 million worth of Ethereum:
“Suddenly, my little vulnerability just got a lot bigger. I wasn’t dealing with a bug that would let you outbid other participants. I was looking at a 350 million dollar bug.”
The researcher subsequently informed SushiSwap, which deployed a rescue to prevent the potential exploit. After discussing the vulnerability, the BitDAO team, which conducted the auction, decided to manually finalize the auction, neutralizing the threat.
In a separate blog post, SushiSwap confirmed that no funds were lost:
“All future planned auctions utilizing the specific dutch auction contracts with ETH commitments have been paused until an updated version is redeployed.”
The latest development comes shortly after Poly Network suffered what is known to be DeFi’s largest hack yet, in which a hacker exploited a vulnerability in the protocol and stole over $600 million in tokens.
Shortly after the hack, the attacker agreed to return all the stolen funds. Later, Poly Network offered the hacker the position of Chief Security Adviser for his contribution to blockchain security.