Since its inception, blockchain technology has been hailed as one of the most secure technologies ever, owing to features such as immutability and decentralized consensus. However, more and more security vulnerabilities have come to light in the last decade, through large-scale hacks where the perpetrators exploited seemingly non-existent bugs to gain access to users’ funds.
However, this has also helped security agencies and exchanges understand various security lapses and fix them, before they are exploited by hackers. The Bug Bounty program, where a hacker is rewarded for finding security vulnerabilities, is one of the primary methods by which exchanges and security firms track down and fix vulnerabilities.
According to a report by The Next Web, participants of bug bounty programs continue to help secure the network and rid blockchain projects of crucial bugs, earning a minimum of $7,500. This is especially so on Monero and Stellar.
According to data collated by HackerOne, atleast seven cryptocurrency-related projects rewarded ethical blockchain hackers for finding and fixing over 20 crucial bugs in the last two weeks, from 14 March to 28 March. Some of the major blockchain projects which distributed considerable bounties to ethical hackers were Monero, Stellar, ICON, and Augur. Some non-blockchain services including Robinhood, Omise, and Crypto.com also paid hackers for patching certain security vulnerabilities.
Of all the services and projects analyzed by HackerOne, Omise, the organization behind the OmiseGo cryptocurrency registered the highest number of security vulnerabilities. The service reported eight crucial vulnerability reports over the past two weeks.
The second place on the list was shared by betting market, Augur and Digital asset wallet/exchange service, Crypto.com. Both of the services listed three security vulnerabilities each.
Monero, the ‘privacy coin,’ reported a total of two security vulnerabilities. However, it was unclear how much bounty was paid for finding the security loopholes.
Stellar, the cryptocurrency which saw increased adoption over the past week due to the World Wire announcement, registered one bug bounty. Again, the money involved was not disclosed to the public.
Augur distributed a total of $2,850 in bug bounty over the past two weeks. Though two of the vulnerabilities were not that prominent, one was labelled “medium risk,” and the researcher who found the bug was offered $2,500 as a reward, amounting to over 85% of the total bounty distributed.
Though Crypto.com’s security issues were not very sinister, the company distributed almost $2,250 as bounty over the past two weeks.
ICON registered only one issue, but the bounty for fixing it was $1,000. Robinhood registered two bug bounties, but the details of the same were withheld.