White hat hackers have found more than 40 bugs in blockchain and cryptocurrency platforms in the past 30 days, according to an investigation by Hard Fork. There is a silver lining though: none of the vulnerabilities appear to be particularly serious at first glance.
Thirteen companies dealing with cryptocurrency and blockchain tech received a total of 43 vulnerability reports in the period between February 13 and March 13, as per bug reports submitted to vulnerability disclosure platform HackerOne.
Among others, the list of affected platforms includes Coinbase, EOS issuer Block.one, Tezos, Brave, and Monero.
Who’s got the most blockchain kinks?
Esports gambling platform Unikrn (which also has its own cryptocurrency called Unikoin Gold) received the most vulnerability reports out of any company in the blockchain sector, with 12 bugs flagged via its disclosure program. OmiseGo developer Omise came in second with six received bug reports, followed by EOS with five.
Blockchain consensus protocol Tendermint received four bug reports, followed by Augur and Tezos with three each; Monero, ICON, and MyEtherWallet received two vulnerability reports each. The remainder of the vulnerabilities were found in cryptocurrency exchange Coinbase, Crypto.com, Electroneum, and Brave Software (developer of the semi-centralized “decentralized” Brave browser), each of which received one bug report.
It’s worth noting that some of these companies are only marginally involved with decentralized technology, so it’s possible some of these kinks might be unrelated to their cryptocurrency and blockchain functionalities. This appears to be the case for Brave browser.
Most generous bounty givers
Despite the high number of reported bugs, security researchers received a total of $23,675 for their efforts. For the record, seven of the 43 vulnerability reports didn’t mention the value of the bounty awarded.
For a change, EOS wasn’t the company that accounted for the biggest chunk of all bounties distributed.
Indeed, Tendermint (which will reportedly power Binance’s decentralized exchange desk) led the chart, having handed out a total of $8,500. EOS was the runner-up with $5,500 – which is a big improvement from the $120,000 it once awarded to a clever security researcher who found a series of flaws in its platform.
Despite having received 12 bug reports, Unikrn distributed a total of $1,375 in bug bounties.
What kind of bugs are we talking about?
As is often the case, most of these vulnerability reports are closed off from the public, so the details remain unknown. However, judging by the low bounties awarded, chances are the identified flaws weren’t a huge cause for concern.
Notably, Block.one has revealed that four (out of the five) bugs it received had to do with a buffer overflow flaw, which made it possible to inject arbitrary code. All of these shortcomings have since been resolved.
Still though, EOS remains among the blockchain companies with the most received vulnerability reports – and with over $500,000 in bounties handed out, the most generous patron of security researchers.
Did you know? Hard Fork has its own stage at TNW2019, our tech conference in Amsterdam. Check it out.
Moonday Mornings: Coinbase stored 3,420 passwords in plain text
Welcome to Moonday Mornings, Hard Fork’s wrap-up of cryptocurrency and blockchain news from the past few days.
Let’s not waste any more time; check it out.
1. Around 3,420 Coinbase customers have allegedly been affected by a bug on the exchange’s sign-up page, which resulted in user passwords being stored in plain text on “internal server web logs.” The cryptocurrency exchange began emailing the affected customers to make them aware of the situation, it said in a blog post late last week.
2. A delegation from the US House of Representatives is due to meet with authorities in Switzerland this week to discuss digital currencies, in particular Facebook’s Libra. Tensions are likely to be high as Democrat Maxine Waters, the banking committee president, is leading the delegation. Waters has so far been highly critical of the Libra project and its relationship with Switzerland, citing money laundering concerns, local news NZZamSonntag reports.
3. Binance CEO Changpeng Zhao expects the US version of the cryptocurrency exchange to go live “within a month or two.” Speaking in an interview with Cheddar last week, CZ also said that there were still a lot of things in flux, though. It appears uncertainties in the regulatory space are the cause of CZ’s biggest concerns. “But we’re willing to try,” he added.
4. The Australian Tax Office has reportedly sent letters to cryptocurrency investors who have put large amounts of their retirement funds into the digital assets, CoinDesk reports. It seems to be taking a leaf out of the US Internal Revenue Service’s (IRS) book.
5. Got a bit more time on your hands? Check out this long read about how terrorists are turning to Bitcoin to fund their campaigns.
The militant Palestinian group, Hamas, has grown increasingly sophisticated in its use of Bitcoin as a fundraising mechanism this year. “You are going to see more of this,” Yaya Fanusie, a former analyst with the Central Intelligence Agency, told the New York Times.
Moonday Mornings: Bithumb hacked for $19M, SEC delays Bitcoin ETF decision again, and more
It’s another week, which means it’s time for another wrap-up of the weekend’s blockchain and cryptocurrency news.
Let’s get to it.
1. South Korean cryptocurrency exchange Bithumb has been hacked for the third time in two years, reports ZDNet. Hackers are thought to have made off with around $19 million worth of cryptocurrency in EOS and XRP.
2. The Securities and Exchange Commission (SEC) made a decision last Friday which will further delay a final ruling on the Bitwise and VanEck Bitcoin ETFs, CoinDesk reports. The SEC now has until May 16 to make a decision on the proposals.
3. In a statement released over the weekend, TRON’s founder, Justin Sun, vowed to support Japanese laws and denounced any gambling dapps on the platform that specifically target the Japanese market, Trustnodes reports.
4. Trading in unlicensed security tokens in Hong Kong is now likely to be a criminal offense. The Hong Kong Securities and Futures Commission released a statement last week that declared “Security Tokens are likely to be ‘securities’… and so subject to the securities laws of Hong Kong.”
5. Japan’s biggest rail travel operator is potentially eyeing Bitcoin as a payment option for its transport cards, Cointelegraph reports. There are no concrete plans as yet, but rail travelers could have the option to top-up their travel cards with cryptocurrency.