Ethical hacker who could have obtained unlimited Ethereum has settled for the reward
Saurik discovered a vulnerability with which to hoard cryptocurrencies, warned the company and was rewarded with $2 million
He could have exploited a vulnerability he had discovered to enrich himself through the creation of Ethereum, but instead he chose to alert the company, so that the bug could be patched, and settled for the reward. Equal to $2,000,042. Saurik’s wallet was filled with this amount. His stage name is Jay Freeman, who is already known for having developed Cydia, a tool for jailbreaking iOS devices, and who also presents himself on Twitter as the head of technology at OrchidProtocol and a politician active in California.
The hacker found the vulnerability linked to a nano payment protocol, a very cheap or zero-cost digital payment system that allows instant transactions between users, with some limitations in terms of security. One of the most popular and ideal protocols for sending small amounts of cryptocurrency is Optimism, Ethereum’s layer 2 solution, which in this case has a bug that could bring the system and the users who used it to its knees, should the discovery have been made by a cybercriminal. “The bug would have allowed the creation of Ethereum on Optimism by activating the Selfdestruct opcode on a contract where there was already Ethereum,” said the Optimism team, adding that the discovery dates back to early February and was promptly corrected.
As Saurik himself explained, the vulnerability was not exploited until it was discovered, even though another hacker before him had noticed the flaw, but did not realise the opportunity it concealed. This is not entirely new for layer 2 protocols, which although they reduce costs by increasing transaction speeds, remain the Achilles heel of security. In this case, a hacker interested in making money could have staged fake transactions that, after being cancelled by users, would have guaranteed the return of the Ethereum foreseen in the previous deal. An ingenious, simple and quick way to secure potentially unlimited amounts of cryptocurrency, even if the layer 2 bug would have made life somewhat more difficult for the attacker.
The possible doom and gloom scenario for Ethereum suggests why the companies involved offer hefty rewards to hackers who discover vulnerabilities in the various protocols. It is no coincidence that MakerDao, which created Dai, a stablecoin linked to the dollar and to Ethereum’s blockchain, has promised a reward of $10 million to anyone who discovers bugs in its smart contracts. Too much money? No, because the hacking suffered by Wormhole, the protocol that links the Solana and Ethereum blockchains, which was broken with damages of over $320 million, is still too fresh. Not to mention that the money awarded to those who are able to discover a bug is a salvation for companies, which are thus less likely to lose a much larger amount of money.