White-hat hackers continue to rid blockchain projects of their bugs, having earned a minimum of $7,400 for fixing security flaws in popular cryptocurrency platforms like Monero and Stellar.
Seven cryptocurrency-related projects dished out rewards to blockchain hackers for finding and patching 20 software bugs in the past two weeks (between March 14 and 28), according to HackerOne data reviewed by Hard Fork.
Platforms Augur, Monero, ICON, and Stellar distributed bounties to security researchers, and services Crypto.com, Robinhood, and Omise also recently paid hackers to fix up their code.
Which blockchain-related startup featured the most bugs this time?
Omise, the firm behind the OmiseGO cryptocurrency, topped the list with eight HackerOne vulnerability reports submitted in the past fortnight.
Blockchain-based prediction betting market Augur was found with three code-kinks equal to $2,850 in rewards, with one bug labeled “medium risk” worth $2,500 all by itself.
Digital asset wallet-slash-exchange service Crypto.com also fielded three reports, worth a combined $2,250.
Anonymity-focused altcoin Monero paid hackers twice for fixes. Interoperability blockchain ICON processed one patch worth $1,000. Stellar, too, paid just once, but the amount designated to the bounty remains undisclosed.
Robinhood (the company behind the stock trading app that began supporting cryptocurrency exposure last year) awarded bug bounties for two security fixes, but again, the details of those vulnerabilities were not disclosed.
Unfortunately, a great majority of the reports remain locked, and the few made public relate to minor bounties: small bugs that could have allowed users of Omise and Augur services to be maliciously redirected to dodgy sites.
Still, eight projects, 20 bugs and a minimum of $7,400 in payouts in just the last two weeks. It sounds bad (and it could be), but it’s pretty much par for the course at present.
Indeed, 43 bounties for security fixes in blockchain-related platforms were paid between February 13 and March 13, with a minimum of $23,675 paid to the hackers who patched them.
Published March 28, 2019 — 17:27 UTC