White hat hacker paid DeFi’s largest reported bounty fee
Cointelegraph spoke to the hacker for insights on the timeline of events, as well as the wider implications of bounty programs on DeFi's security landscape.
Belt Finance, an automated market maker (AMM) protocol operating a yield optimization strategy on Binance Smart Chain (BSC), claims to have paid the largest bounty in the history of decentralized finance (DeFi) to a white hat hacker who averted a $10-million bug crisis.
Industry white hat programmer Alexander Schlindwein discovered the vulnerability in Belt Finance's protocol this week and reported the news to the team. For his efforts, Schlindwein received a generous compensation of $1.05 million, the majority of which ($1 million) was facilitated by Immunefi and granted by Belt Finance, with the additional $50,000 offered by Binance Smart Chain's Priority One program.
Immunefi is one of the market leaders in software security for cryptocurrency projects. Since its inception, the platform has reportedly paid out in excess of $3 million to white hat hackers who have successfully identified technical infrastructure flaws in smart contracts and crypto platforms.
Priority One is a BSC initiative launched in July to heighten the security of decentralized applications (DApps) inside the platform's native ecosystem. Mirroring the structure of Immunefi, the service provides a $10-million incentive fund to blockchain bounty hunters who successfully contribute to the avoidance of security breaches across 100 DApps.
Schlindwein told Cointelegraph about how he discovered the vulnerability:
"I went through the list of bug bounties on Immunefi and picked Belt Finance as the next one to work on. While I was studying their smart contracts, I noticed a potential bug in the internal bookkeeping, which keeps track of each user's deposited funds. Playing the attack through with pen and paper gave me more conviction in the existence of the bug. I continued by producing a proper proof-of-concept [PoC] which undoubtedly confirmed its validity and economic damage."
"The next step was to create an official report on Immunefi including the PoC and an extensive description of the exploit," Schlindwein said, adding, "Immunefi reacted immediately to the critical report, and within three minutes after submission, it was escalated to the Belt team. Soon after, Belt confirmed the validity of the written report and began implementing a fix, which then patched the vulnerability."
Although DeFi's security breaches remain a prevalent concern, it has been argued by some that the nascent ecosystem will benefit from such incidents in the long term, as areas of weakness are starkly highlighted.
Cointelegraph asked Schlindwein his perspective on the importance of bounty programs in supporting DeFi's antifragile ambitions:
"I am strongly convinced of the importance of bug bounties and initiatives such as bounty funds. DeFi security consists of multiple layers, starting with peer review and unit testing to external audits and formal verification. Bug bounties are the last line of defense should an issue slip through the overlying layers, with the potential to prevent a devastating hack while instead seriously fixing the issue and compensating the finder."
"Bug bounties in DeFi have been a rare sight before Immunefi existed, only offered by the 'Crème de la Crème' of projects. It's great to see hundreds of projects launching their bug bounty nowadays, which will certainly bring DeFi security forward in the long run," Schlindwein concluded.
Source: https://cointelegraph.com/news/white-hat-hacker-paid-defi-s-largest-reported-bounty-fee
Posted by: blountthatermonlen.blogspot.com
