White hat hackers are quietly emerging: repairing 20 cryptocurrency vulnerabilities in a month and winning $23,675

As the saying goes: "There is no wall that is not airtight." There are no applications without security holes in the world. Only large enterprises will reduce security vulnerabilities through strict programming specifications and adequate testing, but people will make mistakes. The program does not guarantee 100% security.

What should I do if I encounter a security breach? Traditional applications benefit from a centralized architecture that immediately stops the service, fixes the vulnerability, and rolls back to a normal state to minimize the impact of the security breach. The cryptocurrency is decentralized, it is unlikely to roll back the transaction, and the cryptocurrency involves real money , which is easy to be targeted by hackers.

As a result, many cryptocurrency projects have begun to take a different approach. Instead of facing a security breach that could cause huge losses, why not spend a small amount of money to hire hackers to fix vulnerabilities for themselves? In this way, hackers can go to the table to win honors and bonuses with their own skills. It can be said that this is the best of both worlds.

However, such a result can be said to be, do not check do not know, a check scared. Here to sell the first, I want to know how serious the security of these cryptocurrency projects , let us find the answer in the article.

White hat is quietly rising

Nowadays, white hat hackers have become a trend to fix security vulnerabilities for cryptocurrency projects. According to incomplete statistics, in the past two weeks (March 14 to March 28) Monero and stellar coins ( Stellar and other popular cryptocurrency platforms have given hackers who fix security vulnerabilities at least $7,400 in rewards .

According to data from the vulnerability disclosure platform HackerOne, in the past two weeks, hackers have fixed seven security vulnerabilities in cryptocurrency-related projects and won the platform's rewards.

These “golden” platforms include the decentralized forecasting market platform Augur, Monroecoin, ICON, which is known as the Ethereum in Korea, the stellar currency, and even the cryptocurrency trading platform Crypto.com , which is newly added to the cryptocurrency trading field. The trading platform Robinhood and the V God platform are known as Omise for the blockchain version of Alipay.

These platforms are still in the rapid development of the business, and security vulnerabilities are inevitable, but which platform is the most identified security vulnerabilities?

In the past two weeks, Omise, the operating company behind the cryptocurrency OmiseGO, has received eight copies of the HackerOne security vulnerability , ranking first in all platforms.

Based on the blockchain-based decentralized forecasting market platform, Augur was identified with three security vulnerabilities and a total of $2,850 in rewards, including a “medium-risk” security breach of $2,500.

Crypto.com, a cryptocurrency trading platform, also received three reports of security vulnerabilities, with bonuses totaling $2,250.

Number of security vulnerability reports received by each cryptocurrency-related platform

The cryptocurrency Monroe coin with anonymity as a selling point paid hackers two rewards for fixing security vulnerabilities. In Ethereum in South Korea, ICON, a cryptocurrency currency with interoperability as a selling point, paid a $1,000 repair security vulnerability award. The stellar coin also paid a sum, but the specific amount of the award has not been disclosed.

Robinhood, an operating company that started supporting traditional stock trading applications that used cryptocurrency trading last year, paid hackers two rewards for fixing security vulnerabilities, but the details of these vulnerabilities have not been disclosed.

Unfortunately, most of the security vulnerability reports are still in a state of confidentiality. Currently, there are some low-risk security vulnerabilities that are rarely reported in the bounty. For example, the Omise platform and the Augur platform have a security vulnerability. Users When you open its official website, you may be maliciously redirected to a fake website by a hacker.

In the current data alone, in the past two weeks, hackers have fixed 20 security vulnerabilities in seven cryptocurrency-related projects and received at least $7,400 in rewards.

This data is sensational, and this is still a normal phenomenon. In fact, during the month of February 13 to March 13, the number of security voucher repair bonuses paid by cryptocurrency-related platforms to hackers reached 43. Pen, the amount is at least $23,675 .

Encrypted currency security, high mountain road

In general, once a company encounters a fatal security breach, it will choose to pay a large amount of sealing fees. The security vulnerabilities that ordinary people can access are few and far between, even in this case, the data is amazing.

This can not help but cast doubt on the security of cryptocurrency projects. So, these emerging cryptocurrency projects still have a long way to go…

Source | TNW

Compilation | Guoxi

Produced | Blockchain Base Camp (blockchain_camp)