Here’s How Hackers Made Nearly $1 Million from not Stealing
HackerOne, a bug bounty platform that allows companies to test their security with ethical hackers, has announced that nearly $1,000,000 has been collected from blockchain companies as of December 30, 2018.
Blockchain Has Bugs Too
While many people regard blockchain technology as the solution to problems that plague key industries, technology is still technology and requires debugging. With the concept of cryptocurrency only coming into existence a decade ago, there are still lots of issues companies are working out.
As demand for cryptocurrency increases, demand for a person or service that can patch vulnerabilities increases as well. Critical bugs that would allow hackers to manipulate transactions and the like are more severe in this space due to cryptocurrency’s generally decentralized nature.
Because transactions are typically irreversible, it is hard not only to track where stolen funds have gone but also to do anything about it. Outside of a network-wide hard fork to an earlier time on the blockchain, there’s not much people can do if they wake up to find their funds stolen.
Big Bucks for Bugs
Companies both new and old are devoting serious money to their bug bounty programs. Coinbase has had a program running since 2014 and is the second-largest blockchain company handing out bounties on the platform.
The first is Block.one, the team behind EOS. Although its bug bounty program for EOS only launched in May 2018, the bounties it handed out accounted for 60 percent of bounties this year.
The fact that only 4 percent of bounties are from crypto-related companies further highlights the considerable demand in comparison with other sectors. With only 64 crypto companies listed on the platform, the number of bounties and the dollars distributed are expected to go up as more join the platform. Each cryptocurrency represents a potential “company” that could join the platform, as well as other traditional businesses.
Research conducted earlier this year suggests there are over 34,000 vulnerable smart contracts in Ethereum alone, which would give hackers plenty to work with. Furthermore, the average bounty within crypto compensated hackers better as well.
Bounties averaged around $1,490, much higher than the Q4 average of $900 for the platform. A spokesperson for HackerOne even reported that one of the top-paid crypto hackers earned 7x as much as a similar software engineer in their country.