Welcome to BlockThreat!
SushiSwap paid out a $1M bounty for a responsibly disclosed critical bug. Other DeFi projects promote bounties up to $2.5M. In comparison, zero-day marketplaces pay $2.5M for full exploit chains in iOS and Android phones with an added requirement to not share bugs with manufacturers. Responsible disclosures are only in the $250K range for similar bugs. Is it only a matter of time before hobbyist criminals are replaced by seasoned grey hats who realize that the economics of DeFi exploits makes it a far more profitable enterprise?
Coordinated disclosure is really tricky. Ethereum and other compatible networks experienced network splits after an attacker figured out a vulnerability in a hotpatch and launched an exploit before most nodes upgraded. In other news, Bilaxy exchange reported a hot wallet compromise, several DeFi projects experienced repeat hacks, a new scammer technique targets MetaMask users, and more in this week’s edition.
As a reminder, you can find po…