White hat hackers found more than 40 vulnerabilities on blockchain and cryptocurrency platforms within the past 30 days, according to a report on March 14.
At first look, the bugs do not appear to be very serious, according to an investigation. However, the investigation, conducted by TNW, notes that nearly 13 blockchain and cryptocurrency companies were hit by almost 43 bugs from February 13 to March 13, according to reports submitted to the vulnerability disclosure platform HackerOne.
The affected platforms include Coinbase, Tezos, Monero, Brave and Block.one. Among blockchain companies, Unikrn, an e-sports gambling platform, apparently received the most bug reports, with almost 12. OmiseGo is in second place with around 6 vulnerability reports, and EOS is in third place with almost 5 bug reports.
Tendermint, a peer-to-peer (P2P) networking protocol and consensus algorithm, had 4 bugs reported. Augur, a decentralized prediction market protocol, follows Tendermint with 3 bug reports, as does the Tezos smart contracts platform. Monero, MyEtherWallet and ICON received two vulnerability reports each.
Major American crypto exchange Coinbase and Brave Software, maker of the Brave blockchain browser, received one bug report each.
The white hat hackers received a total of $23,675 for their bug-finding efforts, of which Tendermint paid the most at $8,500 in rewards, while Unikrn paid $1,375.
A few of these companies are not heavily involved with decentralized technology, so some of the bugs found may not be related to their blockchain or cryptocurrency operations. This is the case for the Brave browser.
EOS, which has distributed tens of thousands of dollars in rewards to white hat hackers who detected major vulnerabilities on its platform, was the runner-up, distributing $5,500.
Over the weekend, prominent hardware wallet manufacturer Ledger disclosed vulnerabilities in the device of its direct competitor, Trezor. Among other issues, the Trezor device could be imitated by backdooring a device with malware and later reselling it in its box, resealed with a tamper-proof sticker that is easy to remove.
In most cases, the vulnerability reports are not publicly available, so the details remain unknown. Nevertheless, judging by the bounty rewards, the bugs are possibly similar in nature and need not cause much concern.
However, Block.one has stated that the four bugs it received relate to buffer overflow flaws that allowed arbitrary code to be injected. All of these flaws have been fixed.
EOS has received the most vulnerability reports of any blockchain company and tops the chart. It has distributed more than $500,000 in rewards and is the most generous supporter of security researchers.
Trezor has responded to the allegations, stating that the weaknesses disclosed by Ledger are not serious for hardware wallets and cannot be exploited remotely, because the attacks described require physical access to the device, time, technical expertise and specialized equipment.