In an era of cryptocurrency and blockchain, major investors are feeling the heat from uncertainty and swinging prices. According to an investigation carried out by a security research firm, thirteen cryptocurrency and blockchain firms have around 43 vulnerabilities that may affect their efficiency over the longer term.
According to the report, 40 software bugs were detected and reported to HackerOne between February and March. HackerOne is a vulnerability disclosure platform. It receives reports of various kinds of vulnerabilities affecting crypto firms such as Brave, Coinbase, EOS, Monero (XMR), and Tezos.
The firm with the highest number of reported vulnerabilities is Unikrn. Unikrn is an esports gambling platform that has started issuing its own cryptocurrency, named Unikoin Gold. Around 12 different software bugs were found in Unikrn’s source code.
The OmiseGo platform also reportedly has six vulnerabilities. The OmiseGo platform aims to “enable financial inclusion and interoperability through the public, decentralized OMG network.”
EOS, which is well known as a platform for building decentralized apps (dApps), had five vulnerabilities detected by hackers. Earlier this month, a Chinese cybersecurity firm, SlowMist, discovered a vulnerability that could be exploited by hackers, as they “can successfully deposit EOS to these platforms without transferring any EOS.” The researchers at SlowMist noted that exchanges supporting EOS also share the same vulnerability, which stems from the false top-up bug.
Hackers also reportedly found four software bugs in Tendermint, a peer-to-peer (P2P) networking protocol and blockchain consensus algorithm. The decentralized prediction markets platform Augur (REP) and Tezos, a “self-amending” cryptocurrency and blockchain network for deploying dApps, were found with three vulnerabilities in their source code.
Monero (XMR), a leading privacy-oriented cryptocurrency platform, ICON (ICX), a platform that helps facilitate blockchain interoperability, and MyEtherWallet were found with two flaws in their source code. The San Francisco-based crypto exchange Coinbase, Crypto.com, Electroneum, and Brave’s software were each reported with one flaw. The flaws reported could potentially be critical to these platforms, given the nature of the transactions carried out on them.
It should be noted that not all of the reported vulnerabilities are directly linked to the actual blockchain and cryptocurrency platforms. For example, the Brave browser software is not completely decentralized, and some flaws might lie in a platform’s supporting wallets or other third-party apps.
The developers and hackers received a total payout of $23,675 for finding software vulnerabilities in leading crypto and blockchain networks.
The highest payout came from Tendermint, which paid a total of $8,500 to the security professionals who found vulnerabilities in these companies’ code bases.
EOS’ development team paid $5,500 to the hackers who discovered bugs in the cryptocurrency network’s software, and the Unikrn team gave out only $1,375 to researchers for finding vulnerabilities in its platform’s codebase. It should be noted that most of the vulnerability reports have been kept confidential. However, the lower bounty payouts suggest that the flaws reported were not critical.