A Web3 security researcher, known by the pseudonym “jayjonah.eth,” recently earned a $150,000 bounty after discovering a critical vulnerability in the Evmos blockchain.
The researcher claimed they identified the bug, which could halt the entire Evmos blockchain and disrupt all decentralized applications (DApps) built on it, by analyzing the Cosmos Network’s documentation.
The vulnerability involved “module accounts.” The Cosmos documentation warns that if these accounts receive funds outside the expected parameters, it could break key system rules and halt the network.
In an October 28 blog post, “jayjonah.eth” explained that testing this scenario revealed that sending funds to a module account caused the Evmos blockchain to stop producing blocks, effectively disrupting the network and all DApps connected to it.
After confirming the bug’s existence, the Evmos team acted swiftly to resolve it, as noted by the researcher.
The Evmos Bug Bounty Program was launched in collaboration with the blockchain security platform Immunefi in November 2022. The Evmos team stated that the program would “incentivize hackers to uncover bugs” on the blockchain, thereby enhancing the security and viability of the ecosystem surrounding it. Participants earn rewards based on the impact of the vulnerabilities they discover, with the top rewards going to those who identify the most significant issues.
Reflecting on the discovery, “jayjonah.eth” encouraged other researchers to thoroughly review project documentation, as it often highlights vulnerabilities, and finding them could prevent major security issues. They also emphasized that bug bounty programs like Evmos’s are a vital tool for blockchain projects, as they help reduce cyberattack risks and minimize potential financial losses in case of a security breach.
In a related event, the Tapioca Foundation has issued a $1 million bounty to the hacker who stole $4.7 million from its DeFi protocol through a sophisticated social engineering attack. The offer, made through an on-chain message on October 20, proposes that the attacker can legally retain $1 million while returning the remaining stolen funds. As of press time, no update has been given on the status of the bounty.