Cryptocurrency-Related Bug Bounties Have Netted Hackers Nearly $900,000 This Year

Cryptocurrency-related bug bounty programs have seemingly been extremely profitable for hackers this year, as stats from breach disclosure platform HackerOne show the programs have netted them $878,000.

According to The Next Web, blockchain companies have received “at least” 3,000 vulnerability reports this year, and data compiled in mid-December shows $878,000 has been awarded in bug bounties so far this year. In August, the figure was at $600,000.

Speaking to the publication, a HackerOne spokesperson revealed that “nearly” 4% of all bug bounties awarded on the platform this year came from blockchain and cryptocurrency-related companies. These, it noted, give hackers better compensation when compared to other industries.

The average bounty for all blockchain companies in 2018 was $1490, which is higher than the Q4 platform average of around $900. One of the top-paid crypto hackers earned 7X the median software engineer salary in their country.

HackerOne reportedly added that there are 64 crypto-related companies on its platform, a number dwarfed by the more than 2,000 companies the cryptocurrency ecosystem already has in it. This, The Next Web notes, means the “real number of vulnerabilities is likely significantly higher.”

Out of the nearly $900,000 awarded to hackers this year, Block.one, the company behind EOS, awarded over $530,000, accounting for more than 60% of the bounties handed out. This made it the company in the space that has so far awarded the most in bug bounties.

Block.one’s program was launched in May and, shortly after, one hacker claimed $120,000 in bug bounties. If we consider data from before this year, Block.one is followed by Coinbase, which has awarded a total of $290,000 in bug bounties, and by TRON, which has awarded $76,200.

As the news outlet further pointed out, researchers have this year found crippling vulnerabilities in major cryptocurrencies, including bitcoin itself. As CryptoGlobe covered at the time, the vulnerability could have been used to inflate bitcoin’s supply above the 21 million limit placed by Satoshi.

This year, a developer who works at the MIT Media Lab’s Digital Currency Initiative (DCI) discovered a bug in Bitcoin Cash that would have allowed malicious actors to “split the Bitcoin Cash blockchain into two incompatible chains.”

Back in June, a bug found in ICON’s smart contract was reportedly allowing anyone, except for the contract’s owner, to halt transactions and effectively disable the cryptocurrency’s network. At the time, ICON’s market cap was $800 million.

Microsoft's Bing Reportedly Blocked Over 5 Million Cryptocurrency Ads Last Year

Francisco Memoria

Microsoft’s search engine Bing reportedly blocked over 5 million cryptocurrency-related ads last year, as a result of a ban the search engine enacted in an attempt to protect its users from fraudsters.

According to Bing’s ad quality review, the company’s bad account takedowns doubled in 2018, with cryptocurrency, weapons, and third-party tech support scams being the main problems it faced. Overall, Bing suspended “nearly 200,000 accounts” last year, and removed 900 million ads from its platform.

As covered, Bing banned cryptocurrency-related ads back in May, in a move it claimed was made to protect users from scammers, as the crypto market being unregulated meant cryptocurrencies “present a possible elevated risk to our users with the potential for bad actors to participate in predatory behaviors, or otherwise scam consumers.”

At the time, Melissa Alsoszatai-Petheo, who published the company’s blog post on the move, wrote:

To help protect our users from this risk, we have made the decision to disallow advertising for cryptocurrency, cryptocurrency related products, and un-regulated binary options. Bing Ads will implement this change to our financial product and services policy globally in June, with enforcement rolling out in late June to early July.

The move saw cryptocurrencies join other questionable products and services Microsoft banned from its platform. These include Ponzi and pyramid schemes, and the mentioned third-party tech support scams.

Bing notably banned cryptocurrency-related ads following bans enacted by search giant Google and social media giant Facebook. These two firms have since started allowing crypto-related ads from a few companies.

At the time, various cryptocurrency associations threatened lawsuits against the tech giants over what they claimed to be “cartel collusion” against cryptos, made in an attempt to manipulate the market.

Although Microsoft’s search engine has banned crypto ads, the tech giant itself has been accepting bitcoin payments since 2014. Its website even has a how-to page walking users through the process of topping up their accounts using BTC.