Hackers Netted Nearly $1 Million in Blockchain Bug Bounties in 2018

2018 saw cryptocurrency users and enthusiasts lose a lot of money. The year started with a crypto market cap of over $800 billion and is ending with just $130 billion.

There’s no doubt the bear market has been strong, and those who refused to sell are most likely underwater. However, despite the massive sell-off, there are people who profited well during these harsh market conditions.

These people either sold the top, shorted the tops, longed the dips, or successfully hacked software to find blockchain bugs.

For those of you who don’t know, hacking can be a very profitable business even when performed legally. According to statistics from breach disclosure platform HackerOne, crypto hackers have netted $878,000 in 2018.

Security in the Blockchain Ecosystem

While many tout blockchain and cryptocurrency for their strength and security, much of the software and technology is still very new.

Users have lost millions of dollars to hackers exploiting bugs in the code. Two of the largest and most famous hacking events involved two cryptocurrency exchanges, Mt. Gox and Coincheck.

Following these hacks, crypto exchanges, wallets, and services held bug bounty programs that rewarded hackers for finding software bugs in their systems. They did this to improve safety standards and ensure they keep customer funds safe and secure.

According to TheNextWeb, blockchain companies received at least 3,000 vulnerability reports this year, and roughly $600,000 in bug bounties had already been issued by August.

Further reports from HackerOne revealed that nearly 4% of all bug bounties paid out from the platform this year came from cryptocurrency and blockchain-related companies.

What’s more interesting is that these types of companies only totaled 64 out of the 2,000 companies, and they yielded the highest payouts.

A HackerOne spokesperson further revealed:

The average bounty for all blockchain companies in 2018 was $1490, that is higher than the Q4 platform average of around $900. One of the top paid crypto hackers earned 7X the median software engineer salary in their country respectively.

Largest Bug Bounty Payout

Though HackerOne hosts 64 crypto and blockchain companies on its platform, a single company accounts for over 60% of the bug bounties paid out.

Block.one, the company behind crypto project EOS, awarded hackers $530,000 in 2018. Block.one’s hacker program launched in May, and shortly after, one hacker received $120,000 in bug bounties.

EOS ranks as the highest paying blockchain company in HackerOne’s program. In previous years, it was Coinbase with $290,000 in bug bounties, followed by TRON with $76,200 in payouts.

Notable Bugs Found in 2018

They call Bitcoin the most secure and trusted blockchain there is as it has been around for 10 years now. However, this year someone discovered a critical bug with crippling capabilities in Bitcoin’s core code which could have been used to inflate Bitcoin’s supply to above 21 million.

Surprisingly enough, Bitcoin’s bug was discovered by a Bitcoin Cash developer, Awemany, who pointed it out to Bitcoin developers, who quickly fixed the vulnerability.

Another notable bug, this time for Bitcoin Cash, allowed for the split of the BCH chain into two incompatible chains. Cory Fields, who works at the MIT Media Lab’s Digital Currency Initiative (DCI), discovered this bug.

As for bugs on Ethereum, HackerOne reportedly stated that roughly 34,000 smart contracts on the Ethereum network were vulnerable to malicious activity. However, this number is not overly surprising considering the number of cryptocurrency projects built on top of Ethereum.

Do you think bug bounties are a good idea, or could they lead hackers to exploit vulnerabilities instead?