Cryptonews Altcoin News Axie Infinity Developer Sky Mavis Offers up to USD 1M in Bounty for ‘Fatal Bugs’

Axie Infinity Developer Sky Mavis Offers up to USD 1M in Bounty for ‘Fatal Bugs’

Ruholamin Haqshanas

Last updated: October 23, 2023 09:06 EDT | 2 min read

Sky Mavis, the firm behind the popular blockchain-based online game Axie Infinity (AXS), has launched a bug bounty program to incentivize white-hat hackers to find bugs associated with its services.

In an announcement, the team detailed that the program covers issues related to the two categories:

smart contracts and blockchain,
website and apps.

Rewards for the first category will range from USD 1,000 to USD 1m, while rewards for the second category will be in the range of USD 50 to USD 15,000. The amount depends on the level of threat – ranging from low to critical.

“Sky Mavis is eager to work with the community to make sure that every researcher’s finding is rewarded fairly – based on the vulnerability’s impact on business and overall severity,” the team said, adding:

“To this end, it is possible that extraordinarily severe issues or those with extreme impact may be rewarded up to [USD] 1,000,000.”

The blockchain gaming studio added that it will pay rewards in Axie’s governance token AXS. Moreover, there will be a six-months vesting period with monthly unlocks for fatal bounties that command top awards, which is arguably due to avoid a major sell-off.

The team noted that the program is for “the disclosure of software security vulnerabilities only,” and that “only vulnerabilities with a working proof of concept that shows how it can be exploited will be considered eligible for monetary rewards.”

The program comes after Axie’s Ronin bridge, which allows users to send crypto back and forth between Ethereum (ETH) and Axie’s Ronin sidechain, was exploited to the tune of more than USD 600m back in March, marking one of the biggest hacks in the history of decentralized finance (DeFi).

And it appears that the exploiter(s) started moving the stolen funds through the privacy protocol Tornado Cash over the past week, per the blockchain data showing the activity of the address marked as ‘Ronin Bridge Exploiter’. The attacker seems to have made twenty ETH 100-heavy transactions to Tornado Cash. The main wallet still holds USD 461.53m worth of ETH.