43 Vulnerabilities Detected in Major Cryptocurrency Platforms: Report

Thirteen cryptocurrency and blockchain-related firms have received 43 different vulnerability reports in the past month, according to an investigation carried out by security researchers.

Between February 13th and March 13th, over 40 software bugs were detected and reported to HackerOne, a vulnerability disclosure platform. Various types of vulnerabilities were reportedly found in some of the world’s largest cryptocurrency networks including Brave, Coinbase, EOS, Monero (XMR), and Tezos.

White Hat Hackers Found Several Vulnerabilities In OmiseGo, Unikrn 

Unikrn, an esports gambling platform that has issued its own cryptocurrency called Unikoin Gold, had the greatest number of vulnerabilities out of all blockchain companies. There were reportedly 12 different software bugs discovered in Unikrn’s source code. Meanwhile, the OmiseGo (OMG) platform, which aims to “enable financial inclusion and interoperability through the public, decentralized OMG network,” had at least six software glitches, as reported by the white hat hackers.

EOS, one of the world’s largest platforms for creating decentralized applications (dApps), had five different vulnerabilities which were detected by hackers in the past 30 days. On March 12th, Chinese cybersecurity firm SlowMist discovered a “false top-up” vulnerability which could potentially be exploited by attackers as they “can successfully deposit EOS to these platforms without transferring any EOS.” As noted by SlowMist’s researchers, crypto exchanges and wallets that support EOS could be affected by the false top-up bug.

Vulnerabilities Detected In Tezos, Monero, ICON, MyEtherWallet

The white hat hackers also found four software bugs in Tendermint, a peer-to-peer (P2P) networking protocol and blockchain consensus algorithm. Decentralized prediction markets platform Augur (REP) and Tezos, a “self-amending” cryptocurrency and blockchain network for deploying dApps, had at least three vulnerabilities in their respective codebases.

Monero (XMR), a leading privacy-oriented cryptocurrency platform, ICON (ICX), a platform that helps facilitate blockchain interoperability, and MyEtherWallet each had two vulnerabilities, which the white hat hackers reported between February 13th and March 13th.

The software of San Francisco-based crypto exchange Coinbase, Crypto.com, Electroneum, and Brave all had various software bugs which could potentially be critical, the white hat hackers noted.

$23,675 Handed Out As Compensation For Locating Software Bugs

Notably, some of the software vulnerabilities which were detected may not be directly related to problems with the actual blockchain and cryptocurrency platforms. For instance, the Brave browser software is not completely decentralized and certain vulnerabilities may be present in the platform’s supporting wallets or other third-party apps which were not created by the developers of Brave.

In total, security researchers only received $23,675 for finding the software vulnerabilities in these leading crypto and blockchain networks.

The developers of Tendermint’s software (which is reportedly used by Binance’s newly launched decentralized exchange) paid a total of $8,500 to security professionals that discovered the vulnerabilities in their platform’s codebase.

Only $1,375 In Bounties Awarded By Unikrn 

EOS’ development team paid $5,500 (in total) to developers who found bugs in the cryptocurrency network’s software. Meanwhile, the Unikrn team only gave out $1,375 to researchers for finding vulnerabilities in their platform’s codebase.

Notably, most of the vulnerability reports have not been made public and remain confidential. However, the relatively low bounties handed out suggest that the security flaws may not have been critical.

Cayman Islands-registered Block.one, the initial developer of EOS, revealed that four (out of five) software bugs that were found in code associated with EOS were due to a buffer overflow problem. This vulnerability could potentially allow attackers to inject malicious scripts into EOS-related source code. According to Block.one, these issues have now been addressed.

Coinbase Commerce Now Lets Merchants Accept USD Coin (USDC)

On Monday (May 20), Coinbase announced that "Coinbase Commerce", which provides non-custodial cryptocurrency payment solutions, now allows businesses to accept the fully dollar-collateralized stablecoin USDC.

History of USDC

As CryptoGlobe reported on 26 September 2018, "USDC Coin" (USDC for short) was launched on that day by Goldman-funded FinTech startup Circle Internet Financial (better known as "Circle"). This is a regulated fully-collateralized dollar-backed stablecoin that was originally announced on 16 May 2018. USDC is based on an open source fiat stablecoin framework developed and governed by the CENTRE project.

Circle said at the time that the problems with existing fiat-backed solutions (such as Tether's USDT) were that they "have lacked financial and operational transparency, have operated in unregulated jurisdictions with unknown banking and audit partners, and have been built as closed-loop ecosystems and closed proprietary technologies."

In contrast, Circle's USDC stablecoin deals with these issues by "providing detailed financial and operational transparency" and "operating within the regulated framework of US money transmission laws, reinforced by established banking partners and auditors." USDC tokens are ERC-20 compatible (meaning that they run on the Ethereum blockchain); they are minted, issued, and burnt/redeemed based on network rules defined by CENTRE. 

Coinbase's Previous Involvement With USDC

On 23 October 2018, Circle announced that Coinbase (another member of the CENTRE consortium) was making USDC available to its customers on Coinbase Consumer and Coinbase Pro, and that customers could "tokenize dollars into USDC and redeem USDC into dollars through both Circle and Coinbase."

Then, on May 14, Coinbase said via a blog post titled "Expanding USDC crypto trading globally" that:

  • It was making USDC trading available on Coinbase Consumer and Coinbase Pro in 85 countries.

  • It was doing this to help "accelerate the global adoption of crypto trading" and to provide wider access to "a stable store of value."

  • There are more than 300 million USDC tokens currently in circulation, and USDC is supported by 100+ ecosystem partners.

  • Stablecoins "have the potential to materially improve the lives of people in countries where inflation is eroding wealth." 

  • Coinbase serves customers in 103 jurisdictions.

Coinbase Commerce and USDC

Coinbase Commerce was launched on 14 February 2018. Coinbase described Coinbase Commerce as a new service that "enables merchants to accept multiple cryptocurrencies directly into a user-controlled wallet," and that in contrast to its previous merchant products, it was "not a hosted service, so merchants have full control of their own digital currency." Four cryptocurrencies were supported back then: Bitcoin (BTC), Bitcoin Cash (BCH), Ether (ETH), and Litecoin (LTC).

Coinbase Commerce can be "directly integrated into a merchant’s checkout flow or added as a payment option on an e-commerce platform." Initially, the only e-commerce platform supported was Shopify, but on 6 August 2018, support for WooCommerce was added.

Yesterday's blog post said that now Coinbase Commerce has added support for stablecoin USDC, thereby allowing "businesses to accept payments online in the same way they’re able to accept cash in-store." 

Here are a few things to note about Coinbase Commerce:

  • "Coinbase Commerce doesn’t charge any fees to process payments."
  • "Coinbase Commerce accounts are completely separate from Coinbase accounts."
  • "You can use the withdraw functionality to send cryptocurrency to an address associated with your Coinbase account."
