Ethereum Bug Bounties Jump to $1 Million Before Software Upgrade

    The non-profit foundation behind the Ethereum blockchain is quadrupling the rewards it will pay to friendly hackers who uncover bugs in the code of its much ballyhooed software upgrade to as much as $1 million.
    By: BLOOMBERG
    | Updated on: Aug 29 2022, 19:00 IST
    This malicious Firefox add-on stole thousands of dollars in cryptocurrency
    A particular malicious add-on for Firefox, that goes by the name Safepal Wallet, has managed to scam users by stealing money from them and managed to live on the Mozilla add-ons store for seven months before getting detected and removed.
    1/6 A particular malicious add-on for Firefox, that goes by the name Safepal Wallet, has managed to scam users by stealing money from them and managed to live on the Mozilla add-ons store for seven months before getting detected and removed. (Pixabay)
    image caption
    2/6 Safepal is essentially a cryptocurrency wallet application that is capable of holding more than 10,000 types of assets, including Ethereum, Bitcoin, Litecoin, etc. However, Safepal is an official smartphone app that is available for Apple and Android both. There are no known “authentic” Safepal browser extensions. (BleepingComputer)
    image caption
    3/6 According to a post shared by a user who goes by the name Cali on the Mozilla Support forum, within a few hours of installing and logging in to the Safepal Wallet extension with their real Safepal credentials, they saw their wallet balance drop to $0 from $4,000.  (Mozilla Support Forum )
    image caption
    4/6 While investigating Safepal Wallet, BleepingComputer came across the phishing domain used by the add-on and this webpage was also listed as the "support site" link on the fake add-on's home page: https://safeuslife.com/tool/. WHOIS records indicate the this phishing site was registered in January this year via Namecheap. And BleepingComputer reported that at the time of them filing this report, the webpage is still live and it instructs people to key in their "12-word Backup Phrase in the correct order to pair your SafePal Wallet". (BleepingComputer )
    image caption
    5/6 Once the recovery phrase is entered and the form is submitted, the page refreshes without any noticeable response and the recovery phrase is sent to the attacker. A stolen recovery phrase can give attackers control over your wallet along with the ability to access and transfer funds. (Pixabay)
    image caption
    6/6 Five days after Cali publicly reported the incident, a Mozilla spokesperson responded to say that they were investigating the issue and the page for Safepal Wallet has since been removed by Mozilla. The Mozilla add-ons store now has one-star reviews posted by some users that are warning others to not download “Safepal Wallet”. (BleepingComputer )
    ethereum
    View all Images
    The bounty amounts are being raised to reduce the chance that a critical issue arises during what’s called the Merge. (REUTERS)

    The non-profit foundation behind the Ethereum blockchain is quadrupling the rewards it will pay to friendly hackers who uncover bugs in the code of its much ballyhooed software upgrade to as much as $1 million.

    Until now, the so-called bug-bounty program was offering payments of up to $250,000 and a place on its leaderboard to hackers who uncovered critical errors. The increase was announced in a blog post Wednesday.

    The bounty amounts are being raised to reduce the chance that a critical issue arises during what's called the Merge, which is slated to take place between Sept. 10 and Sept. 20. The exact date will depend on any shifts in the amount of computing power supporting the network.

    During the Merge, Ethereum will switch from using powerful computers called miners to order transactions to using a much more energy-efficient system called proof of stake. In proof of stake, wallets holding coins order blocks of transactions.

    Follow HT Tech for the latest tech news and reviews , also keep up with us on Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

    First Published Date: 25 Aug, 23:09 IST
    NEXT ARTICLE BEGINS
    keep up with tech