On Tuesday morning, just 24 hours before the long awaited Rocket Pool launch, a StakeWise.io developer Dmitri Tsumak, has discovered a significant vulnerability in the StakeWise protocol.
What later came on as a surprise was that the bug also affected other staking providers such as Ethereum staking giant Lido Finance and even Rocket Pool. This has led Rocket Pool developers to put a halt on their launch plans.
By discovering this vulnerability , Mr Tsumak has potentially saved millions of dollars for investors who could potentially have had their ETH assets compromised.
StakeWise’s Twitter statement read as follows
1/ Last night around 7PM UTC, our founder Dmitri Tsumak (@tsudmi) discovered a severe vulnerability in @Rocket_Pool that could lead to the theft of users’ funds if exploited.— StakeWise (@stakewise_io) October 5, 2021
Upon further examination, it became apparent that @LidoFinance‘s architecture was also affected. https://t.co/xlpZMYkFMe
Despite Rocket Pool, Lido and other staking providers all agreeing to not disclose the nature of the bug, it appears that bug bounty platform Immunefi will distribute $100,000 worth of bounty money, indicating a “severe” type of breach that has been found.
Lido Finance has tweeted about a potential 20,000 ETH that have been in risk, worth upwards of $72 million dollars.