Last Year, White Hat Hackers Were Awarded $878000 for Finding Cryptocurrency Bugs


Although blockchain adherents are drawn to the technology by its high security, it is neither complete nor perfect, and vulnerabilities are often found in blockchain code. Blockchain, an information recording and reporting system with an encrypted data structure, is the technology underlying digital currencies. In fact, blockchain companies received at least 3000 vulnerability reports in 2018 alone.
To discover errors, or software bugs, software companies hold a competition called a “Bug Bounty” once development is finished. Hackers are invited to disclose bugs, in other words to defeat the software, so that the developers can remove its defects before the software goes into use. HackerOne is one of the platforms working in this area: it builds a communication bridge between hackers and software companies by offering bug bounty programs, and so helps companies reduce their security risks.
According to a report by the HackerOne platform, blockchain companies have paid hackers $878504 this year for discovering these flaws. The data were collected in mid-December. A comparison showed that $600000 of those rewards were paid in August.
According to the final figures, Block.one, which is based on EOS, received more than 60% of the rewards given out in 2018. EOS is one type of blockchain. The following are the top three recipients of bug disclosure rewards through 2018. Note that these figures also include rewards given before 2018.
• Block.one with $534500
• Coinbase with $290381
• TRON with $76200
The Coinbase cryptocurrency share, one of the blockchain types, is in second place with $290381 in rewards for disclosed bugs, and has run its disclosure program since 2014. Block.one launched its EOS disclosure program at the end of May. Shortly afterwards, a hacker asked Block.one for $120000 in bug bounty rewards in less than a week.
According to one of HackerOne's spokesmen, cryptocurrency and blockchain companies accounted for about 4% of all bounty rewards on HackerOne in 2018. The average reward across all blockchain companies was $1490 in 2018, while the platform-wide average for Q4 was about $900. It seems, then, that on HackerOne blockchain companies pay hackers significantly better than other industries do. One of the highest rewards paid to a cryptocurrency hacker was seven times more than the average software engineer's salary in the same country.

The Blockchain Bug Problem Is Bigger Than It Looks


HackerOne noted that there are now 64 blockchain companies on its platform; however, there are more than 2000 other companies outside the platform, which suggests that the real number of vulnerabilities is dramatically higher. Reports from investigations into existing vulnerabilities in blockchains such as Bitcoin, Bitcoin Cash, and Ethereum bear this out.

The researchers found serious vulnerabilities in both Bitcoin and Bitcoin Cash


Reports from the beginning of this year indicate that there are 34000 vulnerable smart contracts in Ethereum-based projects alone. Moreover, it has recently been reported that decentralized applications on EOS have seen more than one million attacks and hacks since July. Security researchers have also recently disclosed hardware wallet vulnerabilities in a way that went against the standard security procedures written into the rewards program of the Ledger hardware wallet, and as a result Ledger deplored the disclosure.
A hardware wallet is a small electronic device that keeps currency offline. Because a blockchain is immutable, a vulnerability in it is far more severe than one in a centralized technology, since there is no way to reverse a transaction.