There has been a sharp increase in payouts from cryptocurrency bug bounties. Major platforms Coinbase, EOS, Stellar, and Augur have all recently rewarded hackers (the good kind) handsomely for discovering security flaws.
Notably, Block.one – the company behind EOS – paid out bug bounties worth more than $60,000 over the past week. Six of those bounties were labeled as ‘critical threats,’ earning rewards of $10,000 each – the maximum amount currently offered for discovering individual kinks in EOS.
With this week’s bounties, Block.one has awarded a total of more than $500,000 to bug-hunting hackers since launching in May this year.
Decentralized betting platform Augur, which runs on Ethereum, joined in with a $500 bounty payout. Popular blockchain Stellar also rewarded researchers for two separate security fixes in the past week.
Coinbase, one of the world’s largest cryptocurrency exchanges, also gave out its fair share. It dished out six bounties itself – one in particular was worth a hefty $4,200.
Unfortunately, this latest batch of vulnerability reports remains undisclosed. This makes it especially difficult to tell what the security vulnerabilities involve.
Incentivizing white-hat hackers
The crowdsourcing of security researchers has really become standard for the cryptocurrency industry. In particular, HackerOne has become a hub for the internet’s hackers, incentivized to fix critical bugs in blockchain projects rather than exploit them.
The opportunity is certainly there. Shortly after EOS launched its bounty program, one hacker claimed $120,000 for discovering bugs in just one week.
By August, it had paid security researchers more than $417,000 in rewards. It shouldn’t be surprising, then, that EOS bounties make up roughly two-thirds of all payouts in 2018.
The ugly truth is that as long as there are (human) smart contract coders, there will be security flaws. The sad part is that often, early adopters of the decentralized internet are punished for the poor coding practices of newbie blockchain devs.
We’re seeing this in real time. Earlier this week, hackers stole $58,000 directly from users of “decentralized” EOS asset exchange Newdex. This is because its developers chose not to use any smart contracts in the Newdex dApp, of all things.
Still, the collateral damage that comes with shitty code is inevitably decided by what kind of hacker discovers it first. Luckily for Coinbase, EOS, Stellar, and Augur – for this past week, it’s been the good kind.
The awfully patronizing guide to having a merry crypto-Christmas
As we’re wrapping up 2018, it’s clear it wasn’t the breakout year for cryptocurrency and blockchain that many enthusiasts hoped it would be.
True, the market has dipped significantly in comparison to last December, but this doesn’t mean that you shouldn’t enjoy Christmas the way Satoshi Nakamoto would’ve wanted you to.
To get you started, we’ve prepared a list of services that accept cryptocurrency so you can plan your own ultimate crypto-Christmas and winter holidays.
Planning trips
For those of you that prefer to spend the holiday season away from home, the first step would be finding a travel agency that will take your coins.
Fortunately, there are already a number of airlines that support cryptocurrency payments. CheapAir.com has been accepting Bitcoin since 2013, and has since expanded its payment options with Litecoin, Bitcoin Cash, and Dash.
Expedia, BTCTrip.com, Destinia.com, Japan’s Peach Aviation, California’s Surf Air, and Latvia’s airBaltic are also crypto-friendly alternatives.
As far as booking accommodation goes, giants Airbnb and Booking.com are still reluctant, but there are other alternatives you can resort to.
CryptoCribs is one of those. The service works the same way as Airbnb, but you can pay in Bitcoin or Ethereum. Needless to say, there are other blockchain-powered booking services, but some of them might require you to buy their token first – and frankly, that’s a hassle. With CryptoCribs, you can simply use the Bitcoin and Ethereum you already have.
Wining and dining
Now that your travel arrangements are all taken care of, you probably want to grab a bite – and perhaps mix it with a beverage of your choice.
Unfortunately, buying food with cryptocurrency is much more difficult than booking trips. While you will find small and medium businesses accepting coins everywhere in the world, these are few and far between. You can check out CoinMap for such locations, but you might have to compromise in the end – and just use hard cash.
If you do indeed end up needing some cash, you can consult with CoinATMRadar for the closest cryptocurrency-enabled cash point around you.
There is also the option to use cryptocurrency gift cards and coupons, but we wouldn’t recommend that method considering how wildly unregulated this whole sub-space is.
Gifts for your loved ones
It might be annoying, but you will also have to think about getting some Christmas presents for your loved ones.
The good thing is that, since most stores don’t accept cryptocurrency payments yet, you won’t have to waste hours browsing for appropriate gifts – and can simply pick what’s available. If someone complains about your crappy gift choices, tell them the truth: “It’s the gesture that matters.”
Anyhow, online retailer Overstock supports payments in Bitcoin – and if you get really lucky, you might even make some profit by using their service. There are also tons of Shopify merchants who will be willing to take your cryptocurrency too.
And if you’re struggling to find the right present, you can always give your loved ones the gift of porn – and get them a premium subscription to Pornhub. Everyone watches porn (though it turns out nobody really pays for porn with cryptocurrency).
Decorations
Of course, it wouldn’t be a real crypto-Christmas unless you adorn your entire apartment (or hotel room) with blockchain-themed ornaments.
Etsy has got you covered tho. The online retailer has tons of merchants offering blockchain swag you can repurpose as Christmas decorations.
A good alternative for the lazy blockchain purists would be to visit your local hardware store and buy some chains to use as garlands – no better way to let your neighbors know you’re a real block(chain)head.
Hackers pocketed $878,000 from cryptocurrency bug bounties in 2018
While hardcore cryptocurrency enthusiasts often tout blockchain for its heightened security, the technology is not perfect – and there are often tons of vulnerabilities in the code. Indeed, blockchain companies have received at least 3,000 vulnerability reports in 2018 alone.
According to stats from breach disclosure platform HackerOne, blockchain companies awarded $878,504 in bug bounties to hackers this year. The data was compiled in mid-December. By contrast, the total sum of bug bounties awarded by August was $600,000.
With $534,500 awarded, EOS creator Block.one accounts for more than 60 percent of all bounties handed out in 2018.
Here is the top three all-time chart when it comes to bug bounty rewards (please note this includes bounties from before 2018):
Block.one – $534,500
Coinbase – $290,381
TRON – $76,200
While cryptocurrency exchange desk Coinbase comes in second (with $290,381 in bug bounties), it’s been running a disclosure program since 2014. Block.one launched its disclosure program for EOS at the end of May. Shortly after that, one single hacker claimed $120,000 in bug bounties from Block.one in less than a week.
“Nearly 4 percent of all bounties awarded on HackerOne in 2018 were from blockchain and cryptocurrency companies,” a HackerOne spokesperson told Hard Fork.
Still, it seems blockchain companies remunerate hackers slightly better than other industries on HackerOne.
“The average bounty for all blockchain companies in 2018 was $1490, that is higher than the Q4 platform average of around $900,” the spokesperson added. “One of the top paid crypto hackers earned 7X the median software engineer salary in their country respectively.”
The blockchain bug problem is bigger than it seems
HackerOne told Hard Fork there are currently 64 blockchain companies on its platform. For context, there are more than 2,000 various cryptocurrency companies out there. This means the real number of vulnerabilities is likely significantly higher.
Just keep in mind that researchers found crippling vulnerabilities in both Bitcoin and Bitcoin Cash this year – the former of which is blockchain’s oldest and most well-established protocol out there. Earlier this year, reports suggested there were more than 34,000 vulnerable smart contracts in Ethereum-based projects alone.
Because blockchains are immutable, vulnerabilities on them are much more severe than in centralized technologies, since there is no way of reversing transactions (unless we’re talking about EOS or other systems with built-in backdoors).
So if you were thinking about betting on blockchain to keep your funds safe, you might want to measure the risk.
In the meantime, Augur’s $200,000 bounty for critical issues is still up for grabs. You can take a dig at it here.