credit: third party image reference
Cryptocurrency platform releases ‘bug bounty’ carrot to hacker who swept away $2 million n a hacking attack
Akropolis has not nevertheless gone to law enforcement, giving the hacker time to think about the proposal.
Akropolis has offered the hacker who stole away $2 million in Dai cryptocurrency a "bug bounty" reward reciprocally for the missing funds.
In an open letter revealed on Medium, the cryptocurrency "community economy" platform projected a $200,000 "reward" for the threat actor's cooperation.
Describing the bug bounty payment "as compensation for your exploit," Akropolis aforementioned it "hope[s] that the hacker can take our provide into thought and work with the team to resolve the problem."
The platform unconcealed the thievery of cryptocurrency from its platform last week. As antecedently reported, transactions were briefly paused to prevent additional Dai tokens from being stolen in what's referred to as a "flash loan" attack.
Flash loan attacks occur on decentralised finance (DeFi) platforms. an assaulter loans funds on the other hand exploits a security weakness -- like a vulnerability -- to bypass loan mechanisms and leave with the cryptocurrency they need 'borrowed.'
Since the cyberattack, Akropolis has internally investigated the exploit and is presently fixing "contract-level" problems. the corporation has additionally launched an external analysis of the incident in conjunction with partners and investors.
However, Akropolis has chosen to not head to law enforcement -- however -- within the hope that the hacker can comply with the firm's proposal.
"We would love to propose that you simply return back the funds of our community members within forty eight hours and reciprocally, we'll provide a $200,000 bug bounty," Akropolis same. "We can take measures to safeguard your identity as required. If you choose to not work we will pursue criminal action and make contact with law enforcement."
There is no word as of yet, over forty eight hours later, if the hacker accountable has accepted this proposal -- or what Akropolis' next course of action is also. At the time of writing, the taken Dai coins are still being held in a blacklisted, attacker-controlled case.
In a project update on Gregorian calendar month sixteen, Akropolis aforementioned the threat actor was able to exploit the "flawed handling of the deposit logic within the SavingsModule smart contract."
"The exploitation results in an outsized range of pool tokens minted while not being backed by valuable assets," the corporate added.
Checks for deposit tokens and whitelist functions have currently been enforced. Akropolis is presently functioning on adding take a look at coverage for staking pools, boosting security check-ups, and selecting the way to compensate users. The platform is additionally on the search for 2 new senior developers to hitch the team.