43 Vulnerabilities Detected in Major Cryptocurrency Platforms: Report

Thirteen cryptocurrency and blockchain-related firms have received 43 different vulnerability reports in the past month, according to an investigation carried out by security researchers.

Between February 13th and March 13th, over 40 software bugs were detected and reported through HackerOne, a vulnerability disclosure platform. Various types of vulnerabilities were reportedly found in some of the world’s largest cryptocurrency networks, including Brave, Coinbase, EOS, Monero (XMR), and Tezos.

White Hat Hackers Found Several Vulnerabilities In OmiseGo, Unikrn

Unikrn, an esports gambling platform that has issued its own cryptocurrency called Unikoin Gold, had the greatest number of vulnerabilities of all the blockchain companies. There were reportedly 12 different software bugs discovered in Unikrn’s source code. Meanwhile, the OmiseGo (OMG) platform, which aims to “enable financial inclusion and interoperability through the public, decentralized OMG network,” had at least six software glitches, as reported by the white hat hacker team.

EOS, one of the world’s largest platforms for creating decentralized applications (dApps), had five different vulnerabilities detected by hackers in the past 30 days. On March 12th, Chinese cybersecurity firm SlowMist discovered a “false top-up” vulnerability which could potentially be exploited by attackers, who “can successfully deposit EOS to these platforms without transferring any EOS.” As noted by SlowMist’s researchers, crypto exchanges and wallets that support EOS could be affected by the false top-up bug.

Vulnerabilities Detected In Tezos, Monero, ICON, MyEtherWallet

The white hat hacker team also found four software bugs in Tendermint, a peer-to-peer (P2P) networking protocol and blockchain consensus algorithm. The decentralized prediction markets platform Augur (REP) and Tezos, a “self-amending” cryptocurrency and blockchain network for deploying dApps, each had at least three vulnerabilities in their respective codebases.

Monero (XMR), a leading privacy-oriented cryptocurrency platform, ICON (ICX), a platform that helps facilitate blockchain interoperability, and MyEtherWallet each had two vulnerabilities, which the white hat hacker team reported between February 13th and March 13th.

The software of San Francisco-based crypto exchange Coinbase, as well as that of Crypto.com, Electroneum, and Brave, all had various software bugs which could potentially be critical, the white hat hacker team noted.

$23,675 Handed Out As Compensation For Locating Software Bugs

Notably, some of the detected software vulnerabilities may not be directly related to problems with the blockchain and cryptocurrency platforms themselves. For instance, the Brave browser software is not completely decentralized, and certain vulnerabilities may be present in the platform’s supporting wallets or in other third-party apps which were not created by the developers of Brave.

In total, security researchers only received $23,675 for finding the software vulnerabilities in these leading crypto and blockchain networks.

The developers of Tendermint’s software (which is reportedly used by Binance’s newly launched decentralized exchange) paid a total of $8,500 to security professionals that discovered the vulnerabilities in their platform’s codebase.

Only $1,375 In Bounties Awarded By Unikrn

EOS’ development team paid $5,500 (in total) to developers who found bugs in the cryptocurrency network’s software. Meanwhile, the Unikrn team only gave out $1,375 to researchers for finding vulnerabilities in their platform’s codebase.

Notably, most of the vulnerability reports are kept confidential and have not been made public. However, the relatively low bounties handed out suggest that the security flaws may not have been critical.

Cayman Islands-registered Block.one, the initial developer of EOS, revealed that four of the five software bugs found in code associated with EOS were due to a buffer overflow problem. This vulnerability could potentially allow attackers to inject malicious scripts into EOS-related source code. According to Block.one, these issues have now been addressed.

Luxury Cars and $15 Million in Crypto Seized in Chinese Arbitrage Scam Bust

Michael LaVere
  • Chinese authorities seized $15M in crypto and several supercars following a scam ring bust.
  • The group was allegedly operating an arbitrage scam that promised users fake Huobi Tokens.

Chinese authorities have reportedly seized more than $15 million in crypto-assets and $2 million in supercars after busting up an arbitrage scam selling counterfeit tokens.

According to a report by China’s Ministry of Public Security, police in the city of Wenzhou arrested 10 individuals connected to operating a fraudulent cryptocurrency scheme. The report claims the arbitrage group was scamming victims using blockchain smart contracts to generate fake cryptocurrencies.

Following the bust, authorities seized bitcoin, ether, and tether worth over 100 million yuan ($15 million). The report also claims police seized several supercars, including a Ferrari and a McLaren, valued at more than $2 million in total, in addition to the luxury villa in which the scammers were staying.

The arrested individuals had reportedly operated a smart contract scheme since 2019, advertising a blockchain product that claimed to generate Huobi’s native token, HT. Unsuspecting consumers were promised the tokens would generate arbitrage opportunities worth a return of up to 8%.

One victim, identified as Li in the report, first notified police after joining a Telegram group belonging to the scam artists.

Li told authorities:

“Simply put, you send one unit of ETH to a designated address, you will receive 60 HT. And then you can sell it to gain the difference.”
