Cryptocurrency transfers work because of the software developed by programmers like Satoshi Nakamoto and many other innovators along the way. As with all software, however, blockchain protocols are not perfect, and over the last decade black and white hat hackers have revealed many bugs. In 2018, developers earned over $878,000 in blockchain bug bounties by disclosing vulnerabilities. Moreover, two of the world’s largest digital asset networks avoided severe disruption thanks to responsible disclosure programs.
$878,000 Paid Out to Cryptocurrency Bounty Hunters in 2018
Cryptocurrency bounties and responsible disclosure programs have helped the digital asset economy a great deal in 2018. In the process, bounties have given programmers a way to earn extra cash by finding vulnerabilities in blockchain infrastructure. Reports from the firm Hackerone detail that this year white hat hackers have earned over $878,000 by participating in blockchain bounties. Furthermore, hundreds of thousands of dollars' worth of cryptocurrency bounties remain unclaimed. There are hundreds of open bounties started by members of the 2,000+ cryptocurrency projects in existence, and the trend does not appear to be slowing down.
Hackerone says that the Eos blockchain project accounted for more than 60 percent of settled bounties this year. The San Francisco-based firm Coinbase paid over $290,000 to programmers for disclosing vulnerabilities in 2018. Trailing in third place is the Tron (TRX) platform, whose developers handed out $76,000 to individuals who revealed software vulnerabilities. Some blockchain bounties are also offered for building things such as wallets and other applications that a team's core developers cannot deliver themselves because of a lack of skills or time.
“Nearly 4 percent of all bounties awarded on Hackerone in 2018 were from blockchain and cryptocurrency companies,” a Hackerone spokesperson explained in a recent interview.
The company representative continued by adding:
The average bounty for all blockchain companies in 2018 was $1,490, which is higher than the Q4 platform average of around $900. One of the top paid crypto hackers earned 7X the median software engineer salary in their country respectively.
Responsible Disclosure Helped Two Very Large Blockchain Networks
In addition to all the bounties collected in 2018, two of the largest cryptocurrency networks avoided possible disruption thanks to responsible disclosure. In August, Bitcoin Core (BTC) developer Cory Fields disclosed a bug that could have given an attacker the ability to construct a malicious transaction, which could have been accepted by the Bitcoin Cash (BCH) client ABC 0.17.0 and mined into a block. At the time, blockchain developers said the bug could have caused an unintentional chain-split.
A similar bug had been discovered and patched on the BTC network back in March 2013, at block height 225430. Earlier still, on Aug. 15, 2010, after block height 74638 was mined, it was discovered that two addresses had received 92.2 billion bitcoins each, in an event that was dubbed the ‘value overflow incident.’ 2018 also saw another significant bug found in the Bitcoin Core reference client, in September. The documented vulnerability, CVE-2018-17144, was disclosed by the pseudonymous Bitcoin Cash developer “Awemany.” At the cost of risking a block reward (worth $80,000 at the time the bug was found), an attacker could have used it to introduce massive inflation, much like the bugs found in 2010 and 2013. In a well-documented account of responsible disclosure for the silent inflation bug, Awemany explained that he did the right thing because he thinks “fierce” competition is good but that it should still be a “civil competition.”
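The value overflow incident mentioned above came from summing transaction output amounts in a signed 64-bit integer with no range check, so a pair of enormous outputs wrapped to a small (negative) total that passed the outputs-versus-inputs comparison. The Python example below is added here for illustration and is not code from the article or from Bitcoin Core; it contrasts a naive wrapping sum with the per-output and running-sum range check that a validating client needs. The helper names and the sample amounts (modelled on the two near-INT64_MAX outputs of block 74638) are constructed.

```python
# Amounts are in satoshis; Bitcoin clients store them in a signed 64-bit integer.
MAX_MONEY = 21_000_000 * 100_000_000  # largest possible supply, in satoshis
INT64_MAX = (1 << 63) - 1


def wrap_int64(value: int) -> int:
    """Emulate two's-complement wraparound of a C int64 addition."""
    value &= (1 << 64) - 1
    return value - (1 << 64) if value > INT64_MAX else value


def money_range(value: int) -> bool:
    """Range check a validator must apply: 0 <= value <= MAX_MONEY."""
    return 0 <= value <= MAX_MONEY


def naive_outputs_ok(input_total: int, outputs: list[int]) -> bool:
    """Vulnerable logic: only compares the (wrapping) output sum with the inputs."""
    total = 0
    for value in outputs:
        total = wrap_int64(total + value)
    return total <= input_total


def checked_outputs_ok(input_total: int, outputs: list[int]) -> bool:
    """Hardened logic: each output and the running sum must be in range before comparing."""
    total = 0
    for value in outputs:
        if not money_range(value):
            return False
        total += value
        if not money_range(total):
            return False
    return total <= input_total


# Constructed sample: an input of 0.5 BTC paying two outputs of INT64_MAX satoshis each
# (about 92.2 billion BTC apiece); their int64 sum wraps to -2.
INPUT_TOTAL = 50_000_000
OVERFLOW_OUTPUTS = [INT64_MAX, INT64_MAX]

if __name__ == "__main__":
    print("naive check accepts:", naive_outputs_ok(INPUT_TOTAL, OVERFLOW_OUTPUTS))    # True
    print("range check accepts:", checked_outputs_ok(INPUT_TOTAL, OVERFLOW_OUTPUTS))  # False
```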
Overall, blockchain bounties and disclosure programs have helped the cryptocurrency ecosystem a great deal, and programmers are making money disclosing these weaknesses. Once bugs and vulnerabilities are found and fixed, these networks become much harder to attack, as a blockchain's codebase grows more robust over time. However, software bugs can be introduced with every client upgrade and may not be found until years later, as with CVE-2018-17144, which was introduced in 2016 by a change meant to shave some time off block validation.
What do you think about responsible disclosure and the $878,000 worth of crypto bug bounties captured in 2018? Let us know what you think about this subject in the comments section below.