Fantom Foundation Awards $1.7 Million to Security Researcher
On October 17, a Fantom Foundation wallet with admin access was compromised. Per our statement at the time, the affected wallet was no longer utilized by the organization and had been reassigned to a Fantom employee. A security researcher identified an additional potential risk associated with the compromise and reached out promptly to alert us: the wallet in question held a dormant admin token for Fantom’s ERC20 FTM contract, giving the attacker the ability to mint a portion of FTM for themselves on Ethereum.
Quick Risk Mitigation
The risk was mitigated quickly, and in recognition of their contribution, the Fantom Foundation awarded the researcher a bounty of $1.7 million. With the attacker’s access to this wallet, the potential damage could have been $170 million (based on token price at the time), though this estimate does not consider the market’s insufficient liquidity to absorb the tokens fully.
Commitment to Security
The Fantom Foundation is dedicated to upholding the highest security standards for our platform, and we remain grateful for the security researchers who contribute to this effort. By addressing weaknesses before they’re exploited maliciously, we ensure a secure platform for both developers and users. As such, the Foundation remains committed to rewarding those who bring network vulnerabilities to the team’s attention.
Key Points
- A Fantom Foundation wallet with admin access was compromised on October 17.
- The affected wallet was no longer in use by the organization and was reassigned to an employee.
- A security researcher identified an additional risk and alerted the Foundation.
- The researcher was awarded a $1.7 million bounty for their contribution.
- Potential damage from the attack could have been $170 million (based on token price at the time), though this estimate does not consider the market’s insufficient liquidity to absorb the tokens fully.
- The Fantom Foundation remains committed to maintaining high security standards and rewarding contributions to network security.