Cryptocurrency-related bug bounty programs have seemingly been extremely profitable for hackers this year, as stats from breach disclosure platform HackerOne show they’ve netted them $878,000.
According to The Next Web, blockchain companies have received “at least” 3,000 vulnerability reports this year, and data compiled in mid-December shows $878,000 have been awarded in bug bounties so far this year. In August, the figure was at $600,000.
Speaking to the publication a HackerOne spokesperson revealed that “nearly” 4% of all bug bounties awarded on the platform this year came from blockchain and cryptocurrency-related companies. These, it noted, give hackers better compensation when compared to other industries.
The average bounty for all blockchain companies in 2018 was $1490, that is higher than the Q4 platform average of around $900. One of the top paid crypto hackers earned 7X the median software engineer salary in their country respectively.
HackerOne reportedly added that there are 64 crypto-related companies on its platform, a number dwarfed by the more than 2,000 companies the cryptocurrency ecosystem already has in it. This, The Next Web notes, means the “real number of vulnerabilities is likely significantly higher.”
Out of the nearly $900,000 awarded to hackers this year, Block.one, the company behind EOS, awarded over $530,000, accounting for more than 60% of the bounties handed out. This made it the company in the space that has so far awarded more in bug bounties.
Block.one’s program was launched in May and, shortly after, on hacker claimed $120,000 in bug bounties. If we consider data from before this year, Block.one is followed by Coinbase, which has awarded a total of $290,000 in bug bounties, and by TRON, which has awarded $76,200.
As the news outlet further pointed out, researchers have this year found crippling vulnerabilities in major cryptocurrencies, including bitcoin itself. CryptoGlobe covered at the time that the vulnerability could have been used to inflate bitcoin’s supply above the 21 million limit placed by Satoshi.
This year, a developer who works at the MIT Media Lab’s Digital Currency Initiative (DCI) discovered a bug in Bitcoin Cash that would have allowed malicious actors to “split the Bitcoin Cash blockchain into two incompatible chains.”
Back in June, a bug found in ICON’s smart contract was reportedly allowing anyone, except for the contract’s owner, to halt transactions and effectively disable the cryptocurrency’s network. At the time, ICON’s market cap was of $800 million.