Akropolis has provided the hacker who stole $2 million in Dai cryptocurrency a “bug bounty” reward in return for the lacking funds.
In an open letter published on Medium, the cryptocurrency “group financial system” platform proposed a $200,000 “reward” for the menace actor’s cooperation.
See additionally: Chinese city launches cryptocurrency lottery, gives away digital coins to promote adoption
Describing the bug bounty fee “as compensation in your exploit,” Akropolis said it “hope[s] that the hacker will take our provide into consideration and cooperate with the group to resolve the difficulty.”
The platform revealed the theft of cryptocurrency from its platform final week. As previously reported by ZDNet, transactions had been briefly paused to cease extra Dai tokens from being stolen in what is called a “flash mortgage” assault.
Flash mortgage assaults happen on decentralized finance (DeFi) platforms. An attacker loans funds however then exploits a safety weak spot — comparable to a vulnerability — to bypass mortgage mechanisms and stroll away with the cryptocurrency they’ve ‘borrowed.’
CNET: The best DIY home security systems for 2020
For the reason that cyberattack, Akropolis has internally investigated the exploit and is at present fixing “contract-level” points. The corporate has additionally launched an exterior evaluation of the incident along with companions and buyers.
Nonetheless, Akropolis has chosen to not go to regulation enforcement — but — within the hope that the hacker will comply with the agency’s proposal.
“We wish to suggest that you just return the funds of our group members inside 48 hours and in return, we’ll provide a $200,000 bug bounty,” Akropolis mentioned. “We’ll take measures to guard your id as required. Should you resolve to not cooperate we’ll pursue legal motion and phone regulation enforcement.”
TechRepublic: How to secure your Zoom account with two-factor authentication
There isn’t any phrase as of but, over 48 hours later, if the hacker accountable has accepted this proposal — or what Akropolis’ subsequent plan of action could also be. On the time of writing, the stolen Dai coins are nonetheless being held in a blacklisted, attacker-controlled pockets.
In a project update on November 16, Akropolis mentioned the menace actor was in a position to exploit the “flawed dealing with of the deposit logic within the SavingsModule good contract.”
“The exploitation results in a lot of pool tokens minted with out being backed by invaluable property,” the corporate added.
Checks for deposit tokens and whitelist features have now been applied. Akropolis is at present engaged on including take a look at protection for staking swimming pools, boosting safety check-ups, and deciding on methods to compensate customers. The platform can also be on the hunt for 2 new senior builders to hitch the group.
ZDNet has reached out to Akropolis for added remark and can replace after we hear again.
Earlier and associated protection
Have a tip? Get in contact securely by way of WhatsApp | Sign at +447713 025 499, or over at Keybase: charlie0
