This is a community post written by the Belt Finance team and published on Binance.org Blog.
Sept 30, 1 pm UTC — Belt Finance, a stableswap AMM protocol that incorporates multi-strategy yield optimizing on Binance Smart Chain (BSC), has paid out $1,050,000 to a whitehat hacker who discovered a critical vulnerability in the protocol which put more than $10 million of capital at risk. The payout was made as a part of the bounty program launched in July with Immunefi, the leading crypto bug bounty and security services platform protecting over $50 billion in users’ funds.
The base payout from Belt Finance was $1m, and Binance Smart Chain’s Priority One bounty matching program, which aims to boost the security of the BSC ecosystem, added $50,000, making the total payout $1,050,000. This makes it the biggest single bug bounty payout ever publicly disclosed. This single payout is larger than payouts from giants such as Apple, Microsoft, or Firefox.
Alexander Schlindwein, a notable whitehat hacker, discovered the critical vulnerability in Belt Finance that could have led to a loss of more than $10m in capital. He reported it to Belt Finance and the bug has since been patched. No user funds were affected or lost. Earlier this year, Alexander received a bounty in Armor tokens from Armor Fi for a critical bug that could have seen all the firm’s underwriting funds drained; he also discovered a critical vulnerability in Fei Protocol that gained him $800,000 in TRIBE tokens.
“We appreciate the swift response from Belt Finance and are glad that nobody was able to leverage these vulnerabilities before,” says Mitchell Amador, Founder and CEO of Immunefi. “Bug bounty programs are the last line of defense for protecting smart contracts and user funds locked in them.”
Immunefi is a bug bounty platform for smart contracts and crypto projects. It enables security researchers to review code, disclose vulnerabilities, and get paid for doing so, and allows companies to secure their projects with leading security talent. Immunefi was the first on the market to introduce a scaling bug bounty standard and has built the largest community of security talent in the crypto space. Since its launch, it has paid over $3,000,000 in bounties to whitehat hackers.
“Security is the key enabler to drive increased adoption in DeFi; the tighter the security the higher are the chances of user and liquidity growth. With BSC’s Priority One program, we support white hackers flagging security vulnerabilities and would like to reward them for their contribution towards making DeFi safe,” said Samy Karim, BSC Ecosystem Coordinator.
In July, Binance Smart Chain, the leading DeFi and NFT infrastructure, launched ‘Priority ONE’, a $10 million bug bounty fund for projects building on top of BSC. Since its launch, the initiative has encouraged dozens of bounty hunters, ethical hackers, and security experts to participate.
The fund aims to safeguard the interests of BSC users by continually improving the security standards of protocols. The program is directed at refining the lifecycle management of BSC users and decreasing project exploits; under it, eligible projects receive advanced risk management controls to identify vulnerabilities at an early stage.
"Belt Finance is proud to make history with the largest bug bounty payout so far in DeFi," said Joon Kee Park, Growth Lead at Belt Finance. "This payout is a sign that we take security seriously and shows our commitment to putting our users first. We will continue to put security first, working tirelessly along with our audit partners, BSC ecosystem and Immunefi to keep Belt Finance safe."
Immunefi is the leading bug bounty and security services platform for DeFi, which features the world’s largest bounties. Immunefi guards over $30 billion in user funds across projects like Synthetix, Chainlink, SushiSwap, PancakeSwap, Bancor, Cream Finance, Compound, Alchemix, Nexus Mutual, and others. The company has paid out the most significant bug bounties in the software industry, amounting to over $3 million, and has pioneered the scaling DeFi bug bounties standard. For more information, please visit https://immunefi.com
About Belt Finance
Belt.fi is a stableswap AMM protocol that incorporates multi-strategy yield optimizing on Binance Smart Chain (BSC), HECO Chain, and Klaytn. Belt Finance is focused on giving users the best yield through a combination of trading fee rewards and an innovative multi-strategy optimization vault system. Belt’s vaults spread deposits across the top DeFi protocols in each ecosystem, letting users earn optimized returns from all of them simultaneously. This also minimizes dependence on any one protocol and protects users from low-liquidity withdrawal issues. Belt Finance’s stableswap AMM offers users the most efficient way to swap their stablecoins, using its ample liquidity to deliver significantly lower slippage than alternative swap protocols. For more information, please visit https://belt.fi/