Search This Blog

Powered by Blogger.

Blog Archive

Labels

Hackers pocketed $878,000 from cryptocurrency bug bounties in 2018

While hardcore cryptocurrency enthusiasts often tout blockchain for its heightened security, the technology is not perfect – and there are often tons of vulnerabilities in the code. Indeed, blockchain companies have received at least 3,000 vulnerability reports in 2018 alone.

According to stats from breach disclosure platform HackerOne, blockchain companies awarded $878,504 in bug bounties to hackers this year. The data was compiled in mid-December. By contrast, the total sum of bug bounties awarded by August was $600,000.

With $534,500 awarded, EOS creator Block.one accounts for more than 60 percent of all bounties handed out in 2018.

Here is the top three all-time chart when it comes to bug bounty rewards (please note this includes bounties from before 2018):

Block.one – $534,500
Coinbase – $290,381
TRON – $76,200

While cryptocurrency exchange desk Coinbase comes in second (with $290,381 in bug bounties), it’s been running a disclosure program since 2014. Block.one launched its disclosure program for EOS at the end of May. Shortly after that, one single hacker claimed $120,000 in bug bounties from Block.one in less than a week.

“Nearly 4 percent of all bounties awarded on HackerOne in 2018 were from blockchain and cryptocurrency companies,” a HackerOne spokesperson told Hard Fork.

Still, it seems blockchain companies remunerate hackers slightly better than other industries on HackerOne.

“The average bounty for all blockchain companies in 2018 was $1490, that is higher than the Q4 platform average of around $900.” the spokesperson added. “One of the top paid crypto hackers earned 7X the median software engineer salary in their country respectively.”

The blockchain bug problem is bigger than it seems.

HackerOne told Hard Fork there are currently 64 blockchain companies on its platform at present. For context, there are more than 2,000 various cryptocurrency companies out there. This means the real number of vulnerabilities is likely significantly higher.
Share it: