Inside money, markets, and big tech

Coinbase, EOS, and Stellar paid $60K to white-hat hackers this week

EOS has distributed over $500,000 in bug bounties this year

There has been a sharp increase in payouts from cryptocurrency bug bounties. Major platforms Coinbase, EOS, Stellar, XLM and Augur have all recently rewarded hackers (the good kind) handsomely for discovering security flaws.

Notably, – the company behind EOS – paid out bug bounties worth more than $60,000 over the past week. Six of those bounties were labeled as ‘critical threats,’ earning rewards of $10,000 each – the maximum amount currently offered for discovering individual kinks in EOS.

With this week’s bounties, has awarded a total of more than $500,000 to bug-hunting hackers since launching in May this year.

Decentralized betting platform Augur, which runs on Ethereum, joined in with a $500 bounty payout. Popular blockchain Stellar also rewarded researchers for two separate security fixes in the past week.

Coinbase, one of the world’s largest cryptocurrency exchanges, too gave out its fair share. It dished out six bounties themselves – one in particular was worth a hefty $4,200.

Unfortunately, this latest batch of vulnerability reports remain undisclosed. This makes it especially difficult to tell what the security vulnerabilities involve.

Incentivizing white-hat hackers

The crowdsourcing of security researchers has really become standard for the cryptocurrency industry. In particular, HackerOne has become a hub for the internet’s hackers, incentivized to fix critical bugs in blockchain projects rather than exploit them.

The opportunity is certainly there. Shortly after EOS launched its bounty program, one hacker claimed $120,000 for discovering bugs in just one week.

By August, it had paid security researchers more than $417,000 in rewards. It shouldn’t be surprising, then, that EOS bounties make up roughly two-thirds of all payouts in 2018.

The ugly truth is that as long as there are (human) smart contract coders, there will be security flaws. The sad part is that often, early adopters of the decentralized internet are punished for the poor coding practices of newbie blockchain devs.

We’re seeing this in real time. Earlier this week, hackers stole $58,000 directly from users of “decentralized” EOS asset exchange Newdex. This is because its developers chose not to use any smart contracts in the Newdex dApp, of all things.

Still, the collateral damage that comes with shitty code, though, is inevitably decided by what kind of hacker discovers it first. Luckily for Coinbase, EOS, Stellar, and Augur – for this past week, it’s been the good kind.

Published September 19, 2018 — 12:40 UTC