Bitcoin may have been dubbed the “world’s most secure transaction settlement layer” by Anthony Pompliano, but the industry surrounding the protocol may not be all too secure. Case in point, crypto startups have forked out over $878,000 in bounty to white hat hackers in 2018, specifically for solving bugs that slipped under the radar.
Crypto Startups Awarded $878,000 To “Goody Two Shoes” Hackers
The Next Web’s Hard Fork column recently reported that over the course of 2018, blockchain firms awarded $878,504 to goody too shoes hackers for rectifying bugs. Block.one, the company behind the crypto juggernaut in EOS, forked out upwards of 60% of the aforementioned sum. Considering that the startup raked in an approximated $4 billion for its EOS token offering, one of the most hyped cryptocurrencies of all-time, it makes sense why Block.one awarded $534,500 to white hats.
Interestingly Coinbase, the seemingly unhackable $8 billion upstart, comes in behind Block.one with $290,381 in paid bounties. But, HackerOne, the cybersecurity platform that compiled the data, didn’t divulge how much of that sum was a result of 2018 bugs, as Coinbase purportedly began its disclosure program in 2014. Justin Sun-headed Tron, which recently surpassed a number of pertinent milestones, has found itself behind Coinbase, allowing white hats to score $76,200.
Yet these quintuple and sextuple figures are edge cases, as a HackerOne spokesperson told Hard Fork that “the average bounty [paid] for blockchain companies in 2018 was $1,490, that is higher than the Q4 platform average of around $900.”
While many crypto projects talk a big game, the bottom line is that many blockchains and cryptocurrency-friendly startups remain vulnerable. As reported by NewsBTC in early-August, Altex, a lesser-known crypto asset exchange, saw its ARQ stash get looted. The platform claimed that it “lost a big amount,” specifically due to a bug that hails from the Monero codebase.
Just two months later, Pigeoncoin (PGN) fell victim to an odd inflation bug, CVE-2018-17144, that allowed a bad actor to whip up 235 million PGN within a day’s time. Interestingly, the bugged line of code comes from the Bitcoin protocol. The issue has since been patched by Bitcoin Core (the software) developers, but this event still shocked consumers en-masse.
Ground-breaking bugs aren’t limited to the small-cap cryptocurrencies. In July, SlowMist, a Chinese cybersecurity firm, claimed that an anonymous user managed to double spend 694 Tether (USDT). According to SlowMist, a transactor was able to gain credit for 694 USDT on an exchange without sending the funds. Upon digging, it was discovered that the issue was the fault of the victimized exchange. Dacoinminister, a founder of the Omni Protocol, which Tether is based on, wrote:
“It appears that what happened here is that an exchange wasn’t checking the valid flag on transactions. They accepted a transaction with valid=false (which they should not have), and then the second “double spend” transaction had valid=true, which they also accepted.”
Regardless of where this problem originated from, the three aforementioned cases only accentuate the fact that this industry remains nascent. So, this industry’s developers still have a ways to go until crypto is spick and span, and ready for worldwide consumption.
Photo via Shutterstock.