
This article was published on May 20, 2019

Hackers made $32K in 7 weeks by fixing bugs in cryptocurrency projects

Coinbase, TRON, EOS, and Augur paid rewards

Story by David Canellis

David is a tech journalist who loves old-school adventure games, techno and the Beastie Boys. He's currently on the finance beat.

In the past seven weeks, white hat hackers earned at least $32,150 by fixing security flaws in popular cryptocurrency and blockchain platforms like TRON, Brave, EOS and Coinbase.

According to data reviewed by Hard Fork, 15 blockchain-related firms have paid rewards to security researchers between March 28 and May 16, split across 30 publicly-released bug reports.

Omise, the software firm behind cryptocurrency OmiseGo, fielded the most fixes (six). Blockchain-powered prediction market Augur disclosed three reports, as did Brave Software, makers of the Brave browser, which features its own native token.

Projects adjust their HackerOne rewards to the severity of the discovered security flaws. Whilst the majority of Omise’s reports were only worth around $100 each, other payments in the past seven weeks were much higher.

Block.one, the firm behind the EOS “blockchain,” rewarded one hacker with $10,000 for a single fix, as did budding network Aeternity.

TRON also paid $3,100 to the researcher who realized the network was susceptible to being flooded with malicious smart contracts, which would have brought its blockchain to a screeching halt.

The number of hackers who prefer to fix security issues seems to be remaining steady, but sometimes they can make off with much bigger amounts by exploiting vulnerabilities themselves.

Indeed, cryptocurrency exchange Binance revealed attackers had successfully stolen 7,000 BTC (then $40 million, now $55 million) from its own wallets last week.

Coincidentally, Binance runs its own bug bounty program with a maximum reward of $100,000 for the most critical of vulnerabilities. The Binance hacker remains at large.
