According to Cointelegraph: In the wake of the $550,000 October hack, the Fantom Foundation has awarded a significant $1.7 million bounty to a security researcher who uncovered an additional vulnerability associated with the hack. The researcher's discovery potentially saved the foundation from an estimated drain of $170 million.
The Fantom Foundation, responsible for the development of the Fantom blockchain platform, suffered a hot wallet attack on October 17, experiencing a 1% loss of funds. This prompted the foundation to cease using some affected wallets deemed to be a targeted attack.
The researcher's attention to detail led to the identification of a latent vulnerability linked to a dormant admin token for Fantom’s ERC-20 FTM contract. This exposure could have provided the attacker with the opportunity to mint a portion of the Fantom for themselves, leveraging the Ethereum platform.
Had the hacker taken advantage of this vulnerability, based on the token price during the hack, they could have drained approximately $170 million from the wallet, although the Fantom Foundation noted that the market might not have had the liquidity to fully accommodate the transfer of all tokens.
The foundation managed to swiftly mitigate the identified vulnerability and awarded the security researcher with a whopping $1.7 million bounty in recognition of their crucial contribution to network security.
Despite the half-million-dollar loss a month ago, the Fantom token has undergone a resurgence, adding 82% in value since October 17. Launched in late 2019, Fantom network allows users to develop and deploy decentralized applications (DApps). The Fantom Foundation’s Opera is a permissionless blockchain, akin to the Ethereum Virtual Machine, enabling interaction with the Fantom network on established crypto wallet, MetaMask.
However, this is not the first attack on the foundation or its users. In July 2023, a massive multichain bridge hack led to a loss of $126 million worth of cryptocurrency for Fantom. Andre Cronje, the creator of Fantom, later stated that the team had been misinformed about Multichain's actual security level, leading to its shutdown in mid-July 2023.
