ohy | 1 year ago

For those to whom it seems surprising, that's actually rather small, considering hacks can end up in an irreversible $100M+ transfer to the malicious party.

You can check Immunefi's Bounty-Board for reference, currently paying up to $15M per find.

Another good source is rekt.news, which creates post-mortems about all the DeFi hacks and has its own leaderboard, $624M for #1.

crest|1 year ago

Sure, but you get to enjoy your bounty payout. Having $2M legally vs. having to become a money launderer?

0cf8612b2e1e|1 year ago

Not so sure it is that clear-cut. A few infamous stories of bug bounties not getting paid for even trivial amounts.

So it is $2 million x probability payment vs $100 million x probability escape without getting caught.

Even with the threat of non-payment, not sure I could ever feel at ease with a multimillion bounty hanging over my head.

usmannk|1 year ago

Right, yeah. I estimated that a savvy attacker might have been able to get out with 50 or even 100m from this, but they would also go to jail. So...

_940h|1 year ago

Taking advantage of bad contracts can be legal depending on various nuanced circumstances. If the potential payout is lucrative, then it makes sense to consult with legal counsel first.

I am not making a judgement about this specific case.