While hardcore cryptocurrency enthusiasts often tout blockchain for its increased security, the technology is not perfect, and there are often tons of vulnerabilities in the code. Indeed, blockchain companies received at least 3,000 vulnerability reports in 2018 alone.
According to statistics from the HackerOne vulnerability disclosure platform, blockchain companies have awarded $878,504 in bug bounties to hackers this year. The data were compiled in mid-December. By contrast, the total sum of bug bounties awarded stood at $600,000 in August.
Here are the top three of all time when it comes to bug bounty payouts (please note that this includes bounties from before 2018):
- Block.one: $534,500
- Coinbase: $290,381
- TRON: $76,200
While cryptocurrency exchange Coinbase comes in second place (with $290,381 in bug bounties), it has run a disclosure program since 2014. Block.one launched its EOS disclosure program at the end of May. Soon after, a single hacker claimed $120,000 in bug bounties from Block.one in less than a week.
"Almost 4% of all prizes received by HackerOne in 2018 came from blockchain and cryptocurrency companies," a HackerOne spokesperson told Hard Fork.
However, it seems that blockchain companies pay hackers slightly better than other industries on HackerOne.
"The average size for all blockchain companies in 2018 was $1490, which is higher than the Q4 platform average of around $900," the spokesperson added. "One of the best hacker cryptographers has earned 7 times the median salary of software engineers in their country."
The blockchain bug problem is bigger than it looks
HackerOne told Hard Fork that there are currently 64 blockchain companies on its platform. For context, there are more than 2,000 different cryptocurrency companies out there. This means that the actual number of vulnerabilities is probably significantly higher.
Keep in mind that researchers discovered crippling vulnerabilities this year in both Bitcoin and Bitcoin Cash, the former of which is blockchain's oldest and most established protocol. At the start of this year, reports suggested that there were over 34,000 vulnerable smart contracts in Ethereum-based projects alone.
Because of blockchain's immutability, its vulnerabilities are much more severe than those in other, centralized technologies, since it is not possible to reverse transactions (unless you are talking about EOS or other systems with built-in backdoors).
So if you're thinking about betting on blockchain to keep your funds safe, you might want to weigh the risk.
Meanwhile, Augur's $200,000 bounty for critical issues is still up for grabs. You can have a dig here.
Published December 30, 2018 at 07:00 UTC