Bug in Solana Patched, $30 Million of User Fund Secured

On the 19th of December 2022, KKlas, a Twitter user and web3 developer, announced that he had found a bug on Solana that could put user funds at risk, and that the projects ignored his message.

Aside from corrupt centralized establishments, hacks and exploits continue to be another problem in the crypto space, which shows the importance of finding bugs in smart contracts and vulnerabilities in code to prevent losses and FUD. However, despite all his hard work, KKlas was not rewarded.

In a tweet, he claimed that he found a vulnerability in a Solana smart contract that would have affected several projects and potentially led to the loss of $30 million in funds. According to the dev, he reported and helped resolve this, and when it was time to ask for a reward, the projects just ignored him.

This sends the wrong message: that projects would rather get hacked than have critical bugs reported to them. This brings the Mango exploit to mind.

In that case, the hacker informed the project about a vulnerability, and they didn’t handle it favorably, so he cracked the system, then sent them a proposal for Mango Markets to pay him a $70 million bounty.

The proposal also involved sending back about $50 million on the condition that Mango Markets used the $70 million USDC in its treasury to clear the bad debt and also pay back all its users.

He made sure they wouldn’t freeze his account so he could use the stolen Mango tokens to vote yes on his proposal.

He was supported by another member of the community, ReddSpark, who had this to say:

In his opinion, there are two possibilities: either the developers aimed to exploit this from the beginning, since they are in the best place to spot these vulnerabilities, which would explain their negative reaction to KKlas’s discovery; or developers should just hack the project themselves and then negotiate from a place of leverage.

This would be more profitable than getting ignored afterward.

This has led to a new potential trend. Some users predict that the next cycle in the crypto space will be what they term a “break-and-fix cycle.” According to these users, traders could potentially pay black hat hackers to exploit critical vulnerabilities in projects while shorting projects, making a profit, and having leverage against these projects.
