Polkadot vulnerability


A vulnerability in Polkadot ecosystem has put $200 million worth of assets at risk, it’s now revealed. The error was discovered in June and has now been fixed.

Polkadot vulnerability affects three parachains

Three different parachains of the Polkadot ecosystem were affected by the bug. These are Moonbeam, Astar and Acala. Together, they had assets worth around $200 million at the time.

A programmer operating under the name Pwning.eth became aware of the vulnerability and shared it with the bug bounty platform Immunefi. Several months after the problem was already fixed, the former vulnerability comes to light through a report from The Block .

Pwning.eth found a bug that impacted the entire Polkadot ecosystem, allowing hackers to steal over $200 million from Moonbeam, Astar Network, and Acala.

Explains Immunefi. The bug was on the Frontier compatibility layer , which Polkadot provides to be able to connect to Ethereum.

How could an attacker have exploited the vulnerability?

It also explains how an attacker could have exploited the vulnerability. So it says:

They were all vulnerable to a flaw that would have allowed malicious users to create Wrapped Tokens .

So an attacker could have created as many Wrapped Moonbeam, Wrapped Astar, or Wrapped Moonriver as they wanted. These would then possibly have reached the market where the attacker would have sold them for a profit.

However, thanks to the programmer and developers of the three affected parachains, this event never happened. The error was quickly corrected. Finder Pwning.eth earned a $1 million bounty from his find.

A few months earlier, the programmer got hold of six million US dollars through a similar discovery. He tracked down a critical vulnerability in Aurora, a Layer -2 solution for Near, which could have wreaked havoc on the Ethereum ecosystem due to its EVM compatibility.

The recently affected Polkadot Parachains are also EVM-compatible.

Leave a Reply

Your email address will not be published. Required fields are marked *