Blockchain Firms Pay White Hat Hackers Better Than Other Industries
While hardcore cryptocurrency enthusiasts often promote blockchain for its increased security, the technology is not perfect, and plenty of vulnerabilities are found in the code. Indeed, in 2018 alone, blockchain companies received at least 3,000 vulnerability reports.
Blockchain companies awarded $878,504 in bug bounties to hackers this year, according to statistics from the breach disclosure platform HackerOne. The data was compiled in mid-December. By comparison, the total amount of bug bounty rewards in August was $600,000.
With $534,500 in bounties, EOS creator Block.one accounts for over 60% of all rewards paid out in 2018. Here are the top three all-time bug bounty payers (please note that this includes pre-2018 bounties):
Block.one – $534,500
Coinbase – $290,381
TRON – $76,200
While cryptocurrency exchange Coinbase is in second place (with $290,381 in bug bounties), its disclosure program has been in place since 2014. Block.one launched its EOS disclosure program in late May. Shortly thereafter, one hacker claimed $120,000 in Block.one bug bounties in less than a week.
“Nearly 4 percent of all bounties awarded on HackerOne in 2018 were from blockchain and cryptocurrency companies,” a HackerOne spokesperson told Hard Fork.
However, it seems that blockchain companies pay hackers slightly better than other industries on HackerOne.
“The average bounty for all blockchain companies in 2018 was $1490, that is higher than the Q4 platform average of around $900,” the spokesperson added. “One of the top paid crypto hackers earned 7X the median software engineer salary in their country respectively.”
HackerOne told Hard Fork that 64 blockchain companies are currently on its platform. For context, there are more than 2,000 different cryptocurrency companies. This means that the true number of vulnerabilities is probably much higher.
Just remember that this year, researchers found crippling vulnerabilities in both Bitcoin and Bitcoin Cash, the former of which is the oldest and most well-established blockchain protocol. Reports earlier this year suggested that there were more than 34,000 vulnerable smart contracts in Ethereum projects alone.
Because of blockchain's immutability, vulnerabilities there are much more severe than in centralized technologies, as transactions cannot be reversed (unless we talk about EOS or other systems with built-in backdoors).
Therefore, if you were thinking about betting on blockchain to keep your money safe, you might want to weigh the risk.
Meanwhile, Augur's $200,000 bounty for critical issues remains unclaimed.