
Blockchain researchers are still finding critical vulnerabilities in EOS

Block.one has already handed out $50,750 worth of bug bounties this year


Months after its nightmarish launch, cryptocurrency and blockchain security researchers are still finding vulnerabilities in EOS, according to recent activity on breach disclosure platform HackerOne.

After reviewing the latest bug disclosures on the platform, Hard Fork found that EOS developer Block.one closed eight vulnerability reports submitted by white-hat hackers in January alone, for a total of $50,750 worth of bug bounties.

It’s worth noting that out of the eight bounties, five qualified for Block.one’s $10,000 reward, reserved for critical vulnerabilities.

This extends Block.one’s unfortunate vulnerability disclosure streak from last year. After launching its disclosure program at the end of May, EOS handed out over $500,000 in bug bounties in 2018, accounting for more than 60 percent of all bug bounty rewards awarded by blockchain companies.

Block.one wasn’t the only cryptocurrency business to deal with vulnerability reports last month though. Blockchain-based protocol TRON and exchange service Robinhood closed three bug reports each, followed by Cobinhood with two. Coinbase, Monero, Electroneum, and Gatecoin also received at least one bug report each in January.

Unfortunately, none of the vulnerability disclosures are open to the public, so there’s no way to gauge the severity of the bugs.

Blockchain bug disclosure activity in the bigger picture

On the bright side, blockchain companies account for only a minuscule fraction of all bug reports submitted to HackerOne in January. In total, there were about 1,400 new bug reports on the platform last month.

By comparison, blockchain companies closed over 3,000 bug reports in 2018, according to data from HackerOne. Of course, the data exclusively refers to bug report activity on HackerOne, which means the real number of bugs in blockchain-powered businesses is likely much higher.

Published February 5, 2019 — 14:46 UTC
