An investigation by Hard Fork has revealed that cybersecurity researchers detected over 40 vulnerabilities in some blockchain and cryptocurrency platforms in the period between February 13 and March 13.
Using HackerOne, a security platform that connects organizations with white hat hackers, 43 reports on the bugs were sent to 13 organizations involved with cryptocurrency and blockchain technology.
Affected Cryptocurrency and Blockchain Platforms
MyEtherWallet, Tendermint, Tezos, Monero, Brave, and Coinbase are among the platforms that received vulnerability reports. None of the bugs was publicly rated critical, but several platforms received multiple reports.
Unikrn, a gambling platform with a native cryptocurrency called Unicoin, topped the list of affected platforms with 12 vulnerabilities. Omise, the developer of the OmiseGo platform, was second with six reports.
EOS and Tendermint received five and four bug reports respectively while three each were found on the Tezos and Augur platforms. Two vulnerabilities each were detected on MyEtherWallet, ICON, and Monero. Brave, Electroneum, Crypto.com, and Coinbase each received one bug report.
Types of Vulnerabilities Detected
With the exception of Block.one, the blockchain solutions provider behind EOS, none of the affected platforms made the details of the bug reports public.
Block.one attributed four of the bug reports it received to buffer overflow flaws, which it said could have allowed arbitrary code execution in its software. The reports on these vulnerabilities, which have since been fixed, are available on hackerone.com.
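To make the class of flaw Block.one described concrete, the following is an added C example constructed for this article; it is not code from EOS or from the HackerOne reports. It assumes a constructed message format in which one length byte precedes a name field: the unchecked parser trusts that attacker-supplied length and writes past a fixed-size stack buffer, while the hardened parser bounds it by the destination before copying.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define NAME_LEN 16   /* fixed-size field in the constructed message format */

/* Constructed wire format (an assumption for this example): msg[0] is the
 * declared name length, msg[1..] are the name bytes. The length is
 * attacker-controlled. */

/* Vulnerable pattern: the declared length is trusted. For msg[0] >= NAME_LEN
 * the memcpy and the terminator write past `name`, overwriting whatever
 * follows it on the stack (saved registers, return address). Only ever
 * called here with a well-formed message; on a hostile one it is undefined
 * behaviour, which is exactly what an attacker exploits. */
int parse_name_unchecked(const uint8_t *msg)
{
    char name[NAME_LEN];
    size_t len = msg[0];
    memcpy(name, msg + 1, len);   /* overflow when len > NAME_LEN */
    name[len] = '\0';             /* overflow when len == NAME_LEN */
    return (int)strlen(name);
}

/* Hardened: bound the declared length by the destination (keeping one byte
 * for the terminator) and by the bytes actually received, and report
 * rejection to the caller instead of copying. */
int parse_name_checked(const uint8_t *msg, size_t msg_len, char out[NAME_LEN])
{
    if (msg_len < 1) return -1;
    size_t len = msg[0];
    if (len >= NAME_LEN) return -1;     /* would not fit with the NUL */
    if (len > msg_len - 1) return -1;   /* declared length exceeds message */
    memcpy(out, msg + 1, len);
    out[len] = '\0';
    return (int)len;
}

/* States the overrun condition of the unchecked parser for a claimed length. */
int overruns_name(size_t declared_len)
{
    return declared_len >= NAME_LEN;
}

/* Constructed well-formed message: "alice". */
static const uint8_t GOOD_MSG[] = { 5, 'a', 'l', 'i', 'c', 'e' };

/* Builds a constructed hostile message claiming `claimed` bytes of 'A' into
 * buf; returns the number of bytes written (0 if buf is too small). */
size_t build_oversized(uint8_t *buf, size_t buflen, uint8_t claimed)
{
    if (buflen < (size_t)claimed + 1) return 0;
    buf[0] = claimed;
    memset(buf + 1, 'A', claimed);
    return (size_t)claimed + 1;
}

int main(void)
{
    char out[NAME_LEN];
    uint8_t evil[64];
    size_t n = build_oversized(evil, sizeof evil, 40);

    printf("good: %d (%s)\n", parse_name_checked(GOOD_MSG, sizeof GOOD_MSG, out), out);
    printf("evil: %d (rejected)\n", parse_name_checked(evil, n, out));
    printf("unchecked parser would overrun on evil: %d\n", overruns_name(evil[0]));
    return 0;
}
```

The check that matters is the comparison against the destination size, not the message size alone: a message can be internally consistent and still declare a field larger than the buffer it is parsed into.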
The manner in which Block.one handled the reports is in line with the organization’s reputation as a blockchain business that champions the cause of white hat hackers. Hard Fork reported that Block.one tops the list of organizations that have paid the highest amounts in bounties to security researchers. As of December 30, 2018, Block.one had paid out a total of $534,500 to white hat hackers.
How the Security Researchers Were Rewarded
The white hat hackers were rewarded with a total of $23,675 for their research, a comparatively low amount given the number of vulnerabilities reported.
Tendermint paid the most, giving the researchers $8,500. Block.one paid $5,500, the second highest total. Unikrn, despite the 12 bugs reported on its betting platform, paid $1,375.
It is worth noting that the value of the bounties for seven of the reported vulnerabilities was not stated.
Based on the amounts paid in bounties, Hard Fork suggested that it is unlikely any of the findings were critical; bounty size reflects each program's own severity rating and payout scale, so it is only an indirect indicator. Even so, such findings may gradually erode the perception that blockchains are 100% secure.