In the past seven weeks, white hat hackers earned at least $32,150 by fixing security flaws in popular cryptocurrency and blockchain platforms like TRON, Brave, EOS and Coinbase.
According to data reviewed by Hard Fork, 15 blockchain-related firms paid rewards to security researchers between March 28 and May 16, split across 30 publicly released bug reports.
Omise, the software firm behind cryptocurrency OmiseGo, fielded the most fixes (six). Blockchain-powered prediction market Augur disclosed three reports, as did Brave Software, makers of the Brave browser, which features its own native token.
Projects adjust their HackerOne rewards to the severity of the discovered security flaws. Whilst the majority of Omise’s reports were only worth around $100 each, other payments in the past seven weeks were much higher.
Block.one, the firm behind the EOS “blockchain,” rewarded one hacker with $10,000 for a single fix, as did budding network Aeternity.
TRON also paid $3,100 to the researcher who realized the network was susceptible to being flooded with malicious smart contracts, which would have brought its blockchain to a screeching halt.
The number of hackers who prefer to fix security issues seems to be remaining steady — but sometimes they can make off with much bigger amounts by exploiting vulnerabilities themselves.
Indeed, cryptocurrency exchange Binance revealed attackers had successfully stolen 7,000 BTC (then $40 million, now $55 million) from its own wallets last week.
Coincidentally, Binance runs its own bug bounty program with a maximum reward of $100,000 for the most critical of vulnerabilities. The Binance hacker remains at large.
Published May 20, 2019 — 15:21 UTC