“Last week I discovered a critical bug that would have allowed an attacker to print an unlimited amount of cryptocurrency, for which I won a $2 million reward.”
The statement comes from Jay Freeman, an American software engineer who goes by the nickname ‘Saurik’ online. He is well known among mobile app developers for creating Cydia, software that lets users download and install applications from outside the App Store on Apple iPhones.
Now, however, he is in the spotlight for a very different reason: he has just received a multimillion-dollar reward when he had the option of becoming one of the biggest crypto-millionaires on the planet.
The issue revolves around a security hole discovered in Optimism, a layer-2 solution for Ethereum that tries to address the congestion and scalability problems of the smart contract network.
The vulnerability gave whoever detected it access to “an unlimited amount” of OETH tokens, the Optimism version of ether, one of the largest cryptocurrencies in the market, which was trading this Tuesday at 2,750 euros per unit.
Freeman could have chosen to become a billionaire thanks to that security hole, but instead decided to bring the bug to the attention of the platform so they could fix it.
“One of the most ‘fun’ things about working in crypto is exactly what makes it ‘scary’: the (financial) stakes tend to be extremely high. One of the ramifications of this idea is that security research matters much more than in other fields of software,” Freeman summarizes in a long text on his blog.
“Do we really believe that ‘code is law,’ and that if someone finds a bug that allows them to take $1 billion, the rest of the world [referring to the developers] should think ‘I guess someone made a mistake’?
If so, does it change your view if you’re not going to benefit personally, but you’re going to destroy a system that people were using?” reflects Freeman, who calls himself a gray hat ‘hacker’, that is, a cybersecurity expert who may cross ethical barriers to investigate threats and vulnerabilities but does not do so with harmful intent.
But what exactly happened that would have let someone ‘print’ infinite cryptocurrency?
The developer has explained that he discovered the flaw while researching so-called “nano payment protocols.” Optimism is one of these protocols, and it allows users to send small amounts of cryptocurrency with low transaction fees, albeit with security considerations.
The specific error, an overflow, is simply a security flaw that allows attackers to bypass network defenses.
According to information provided by Protos, the platform mints tokens, ether alternatives that exist only on the Optimism network. Users first lock their ETH into a smart contract as collateral to receive their tokens, which are doubled as collateral.
In this way the tokens can be transacted faster and more cheaply than transactions on the blockchain, almost instantly, making Optimism a potential solution for scaling Ethereum. When Optimism users want to collect that collateral, they must first wait a week before their “real” ether tokens are released.
Optimism says that the error occurred when the ‘SELFDESTRUCT’ operation code was repeatedly triggered in a contract that had an ETH balance. In any case, it points out that a fix has already been implemented. “We are extremely grateful to hackers like Saurik for helping keep Optimism safe.”
Failures on the big platforms accumulate
Despite being a technological revolution, the world of cryptocurrencies and NFTs is not perfect. A few weeks ago, OpenSea, the world’s most famous NFT platform, suffered a bug that allowed some users to buy NFTs for prices well below current market prices.
As reported by Cointelegraph, many hackers took advantage of the bug and managed to buy the NFTs at their old trading price and then sell them at the current market price.
The outlet Cryptopolitan.com has also reported on several attacks on Ethereum in recent months. For example, in 2016, an unknown individual began stealing money from Ethereum’s first decentralized autonomous organization, or DAO. The DAO had been established weeks earlier, after a massive sale of 150 million dollars.
The latest victim is one of the most popular bridges joining the Ethereum and Solana blockchains, which has lost the equivalent of 283 million euros after an apparent hack.
This theft represents a figure rarely seen before in the history of decentralized finance, behind only the Poly Network cryptocurrency theft, worth 531 million euros, as reported by CNBC.