43 Vulnerabilities Detected in Major Cryptocurrency Platforms: Report

Thirteen cryptocurrency and blockchain-related firms have received 43 different vulnerability reports in the past month, according to an investigation carried out by security researchers.

Between February 13th and March 13th, over 40 software bugs were detected and reported through HackerOne, a vulnerability disclosure platform. Various types of vulnerabilities were reportedly found in some of the world’s largest cryptocurrency networks, including Brave, Coinbase, EOS, Monero (XMR), and Tezos.

White Hat Hackers Found Several Vulnerabilities In OmiseGo, Unikrn

Unikrn, an esports gambling platform that has issued its own cryptocurrency called Unikoin Gold, had the greatest number of vulnerabilities of all the blockchain companies: 12 different software bugs were reportedly discovered in Unikrn’s source code. Meanwhile, the OmiseGo (OMG) platform, which aims to “enable financial inclusion and interoperability through the public, decentralized OMG network,” had at least six software glitches, as reported by the white hat hacker team.

EOS, one of the world’s largest platforms for creating decentralized applications (dApps), had five different vulnerabilities detected by hackers in the past 30 days. On March 12th, the Chinese cybersecurity firm SlowMist disclosed a “false top-up” vulnerability that could potentially be exploited by attackers, who “can successfully deposit EOS to these platforms without transferring any EOS.” As SlowMist’s researchers noted, crypto exchanges and wallets that support EOS could be affected by the false top-up bug.
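The false top-up class of bug is, from the exchange’s side, a deposit-crediting problem: an account gets credited for a transfer that never actually settled on chain. The page does not describe the precise mechanism SlowMist found, so the following is an added illustration (not SlowMist’s code, not EOS code, not from the original article) of the generic checks a deposit processor should make before crediting a user: the transaction must exist and have executed irreversibly, the transfer must come from the genuine token contract, it must name the exchange’s own deposit account and the expected asset, and it must not have been credited before. The account names, contract name, transaction ids and chain data are all constructed for the example.

```python
from dataclasses import dataclass
from decimal import Decimal

# Constructed values for this example; real deployments would load these from config.
EXCHANGE_ACCOUNT = "exchange.hot"   # the exchange's deposit account (assumed name)
TOKEN_CONTRACT = "eosio.token"      # contract whose transfers are trusted (assumed name)
DEPOSIT_SYMBOL = "EOS"


@dataclass(frozen=True)
class TransferAction:
    """One transfer action as it would appear in a transaction trace (simplified)."""
    contract: str    # contract that executed the action
    sender: str
    receiver: str
    quantity: str    # e.g. "10.0000 EOS"
    memo: str        # exchanges commonly use the memo to identify the depositing user


@dataclass(frozen=True)
class ChainTx:
    """A transaction as seen from the chain (simplified model, constructed for the example)."""
    tx_id: str
    status: str       # "executed" or "failed"
    irreversible: bool
    actions: tuple


class Ledger:
    """Internal exchange ledger: user balances plus a replay guard of credited tx ids."""

    def __init__(self):
        self.balances = {}
        self.credited_txs = set()

    def credit(self, user, amount):
        self.balances[user] = self.balances.get(user, Decimal(0)) + amount


def parse_quantity(quantity):
    """Split '10.0000 EOS' into (Decimal('10.0000'), 'EOS'); Decimal avoids float rounding."""
    amount, symbol = quantity.split()
    return Decimal(amount), symbol


def weak_credit(ledger, notification):
    """The failure mode: credit on a deposit notification alone, never consulting the chain."""
    amount, _ = parse_quantity(notification["quantity"])
    ledger.credit(notification["memo"], amount)
    return amount


def hardened_credit(ledger, chain, tx_id):
    """Credit only a confirmed, genuine transfer to the exchange account.

    Returns (credited_amount, reason). Every rejection path credits nothing.
    """
    tx = chain.get(tx_id)
    if tx is None:
        return Decimal(0), "unknown transaction"
    if tx.status != "executed" or not tx.irreversible:
        return Decimal(0), "transaction not executed or not yet irreversible"
    if tx_id in ledger.credited_txs:
        return Decimal(0), "already credited"
    total = Decimal(0)
    for act in tx.actions:
        # Only transfers executed by the genuine token contract into our own account count.
        if act.contract != TOKEN_CONTRACT or act.receiver != EXCHANGE_ACCOUNT:
            continue
        amount, symbol = parse_quantity(act.quantity)
        if symbol != DEPOSIT_SYMBOL or amount <= 0:
            continue
        # In production the memo would also be validated against known deposit ids.
        ledger.credit(act.memo, amount)
        total += amount
    if total == 0:
        return Decimal(0), "no genuine transfer to the exchange account"
    ledger.credited_txs.add(tx_id)
    return total, "credited"


# Constructed chain state: one real deposit, one failed transaction, one transfer
# from a contract that is not the trusted token contract.
CHAIN = {
    "tx-confirmed": ChainTx("tx-confirmed", "executed", True, (
        TransferAction("eosio.token", "alice", "exchange.hot", "10.0000 EOS", "user-1001"),)),
    "tx-failed": ChainTx("tx-failed", "failed", False, (
        TransferAction("eosio.token", "mallory", "exchange.hot", "500.0000 EOS", "user-2002"),)),
    "tx-other-contract": ChainTx("tx-other-contract", "executed", True, (
        TransferAction("fake.token", "mallory", "exchange.hot", "500.0000 EOS", "user-2002"),)),
}


def run_demo():
    """Process every constructed transaction, then replay the good one; returns (ledger, results)."""
    ledger = Ledger()
    results = {tx_id: hardened_credit(ledger, CHAIN, tx_id) for tx_id in CHAIN}
    results["tx-confirmed-again"] = hardened_credit(ledger, CHAIN, "tx-confirmed")
    return ledger, results


if __name__ == "__main__":
    ledger, results = run_demo()
    for tx_id, (amount, reason) in results.items():
        print(f"{tx_id}: {amount} ({reason})")
    print("balances:", ledger.balances)
```

Run stand-alone, only `user-1001` ends up credited (10 EOS); the failed transaction, the transfer from an untrusted contract and the replay of the confirmed transaction are all refused with a reason. `weak_credit` shows what a processor that trusts the notification would do with the same input: it credits 500 EOS to `user-2002` although nothing was transferred.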

Vulnerabilities Detected In Tezos, Monero, ICON, MyEtherWallet

The white hat hacker team also found four software bugs in Tendermint, a peer-to-peer (P2P) networking protocol and blockchain consensus algorithm. The decentralized prediction markets platform Augur (REP) and Tezos, a “self-amending” cryptocurrency and blockchain network for deploying dApps, each had at least three vulnerabilities in their respective codebases.

Monero (XMR), a leading privacy-oriented cryptocurrency platform, ICON (ICX), a platform that helps facilitate blockchain interoperability, and MyEtherWallet each had two vulnerabilities, which the white hat hacker team reported between February 13th and March 13th.

The software of the San Francisco-based crypto exchange Coinbase, as well as that of Crypto.com, Electroneum, and Brave, all had various software bugs that could potentially be critical, the white hat hacker team noted.

$23,675 Handed Out As Compensation For Locating Software Bugs

Notably, some of the software vulnerabilities which were detected may not be directly related to problems with the actual blockchain and cryptocurrency platforms. For instance, the Brave browser software is not completely decentralized and certain vulnerabilities may be present in the platform’s supporting wallets or other third-party apps which were not created by the developers of Brave.

In total, security researchers only received $23,675 for finding the software vulnerabilities in these leading crypto and blockchain networks.

The developers of Tendermint’s software (which is reportedly used by Binance’s newly launched decentralized exchange) paid a total of $8,500 to security professionals that discovered the vulnerabilities in their platform’s codebase.

Only $1,375 In Bounties Awarded By Unikrn

EOS’ development team paid $5,500 (in total) to developers who found bugs in the cryptocurrency network’s software. Meanwhile, the Unikrn team only gave out $1,375 to researchers for finding vulnerabilities in their platform’s codebase.

Notably, most of the vulnerability reports are kept confidential and have not been made public. However, the relatively low bounties handed out suggest that the security flaws may not have been critical.

Cayman Islands-registered Block.one, the initial developer of EOS, revealed that four (out of five) software bugs found in code associated with EOS were due to a buffer overflow problem. This vulnerability could potentially allow attackers to inject malicious scripts into EOS-related source code. According to Block.one, these issues have now been addressed.


Amazon Could Pull off Launching Libra, ‘Bitcoin Billionaires’ Author Argues

Ben Mezrich, the author of the “Bitcoin Billionaires” book, has argued that Amazon would be better than Facebook to launch the Libra cryptocurrency, as it’s more trusted than the social media giant.

Speaking on CNBC’s “Squawk Box,” Mezrich argued the project is “all about trust” as there “can’t be a new currency without people trusting it if you’re going to sit in the middle of it, and people don’t trust Facebook.”

The author, who also wrote “Accidental Billionaires,” the book that served as the basis for the movie “The Social Network,” argued it would make more sense for Amazon to be leading its own cryptocurrency project. He was quoted as saying:

I think that Amazon could pull this off because for whatever reason we all trust Amazon. We put our credit cards in there every day.

Facebook announced last month that it is developing its own cryptocurrency, and that it will be launched next year. The cryptocurrency, Libra, is set to be backed by a basket of fiat currencies and U.S. Treasury securities.

The cryptocurrency itself will be managed by the Libra Association, a nonprofit based in Switzerland with various large companies represented in it. As covered, U.S. Congressman Warren Davidson recently implied the Libra is a shitcoin because it has a central entity behind it, unlike decentralized cryptos like bitcoin.

This month David Marcus, the head of Facebook’s team working on Libra, testified before Congress for two days, and received requests to halt the project until the government can look into it and regulate it. Marcus had to answer various tough questions during the hearings, including whether he would accept his salary in Libra.

Speaking to CNBC, Mezrich noted he believes Amazon would be subject to less scrutiny than Facebook. In his words, regulators would be on top of Amazon’s plans, but “it wouldn’t be like this.”

The author added that Libra won’t be a true cryptocurrency because it’ll involve financial mediators. It could, he said, serve as an “on ramp” to bitcoin, helping those unfamiliar with the cryptocurrency ecosystem look into the flagship cryptocurrency.