Fantom Foundation awards $1.7M to researcher for uncovering potential $170M exploit
Fantom said the vulnerability would have allowed malicious players to mint FTM token on Ethereum.
Fantom Foundation paid $1.7 million to a security researcher who discovered a dormant admin token vulnerability in a wallet that was exploited last month. The vulnerability could have resulted in the loss of up to $170 million, according to a Nov. 20 blog post.
According to Fantom Foundation, the unnamed security researcher alerted it to the additional risk in the compromised wallet that had been reassigned to its employee.
“The wallet in question held a dormant admin token for Fantomโs ERC20 FTM contract, giving the attacker the ability to mint a portion of FTM for themselves on Ethereum,” the Foundation wrote.
The Foundation explained that the hacker could have minted up to $170 million worth of FTM tokens (based on the token’s price at the time of the attack) on the Ethereum (ETH) blockchain if they knew that the wallet they controlled contained the admin token.
However, the Foundation claimed that its estimate does not consider the market’s insufficient liquidity to absorb the tokens fully.
In October, CryptoSlate reported that Fantom Foundation confirmed that it and its employees lost hundreds of thousands of dollars worth of crypto to an exploit. At the time, the Foundation claimed that the attack affected an employee wallet erroneously identified as belonging to it.
Meanwhile, Fantom has considerably recovered from its exposure to the defunct cross-chain Multichain protocol, whose failure negatively impacted the layer1 blockchain network.
Recently, Fantom revealed plans to upgrade its stack with Sonic, a “technological breakthrough that increases base layer scaling by 10x,” according to the network co-founder Andre Cronje.
Additionally, the network’s FTM native token has risen by around 40% during the past month amid the current market situation to $0.31 as of press time, according to CryptoSlate’s data.
However, decentralized finance (DeFi) activities on the network remain low, with the total value of assets locked on it less than $60 million, according to DeFillama data.