43 Security Loopholes Found in Major Crypto Platforms
March 18, 2019 1:00 pm
Up to 13 cryptocurrency and blockchain platforms and companies have received reports of vulnerabilities in the past month. This investigation was carried out by security researchers.
Between Feb 13th and March 13th, 2019, more than 40 software bugs were detected and reported to HackerOne, a platform which helps in disclosing software vulnerabilities. The alarming part is that most of these loopholes and security risks were found in some of the largest cryptocurrency networks in the world, including Coinbase, Brave, EOS, Monero (XMR) and Tezos.
Unikrn is an e-sports platform which issued its own cryptocurrency last year. The platform was found to have the most vulnerabilities of all the affected blockchain companies. Unikrn’s source code alone had at least 12 different software bugs. Another company, OmiseGo (OMG), was reported to be affected by six software glitches discovered by white hat hackers. This platform intends to “enable financial inclusion and interoperability through the public, decentralized OMG network.”
EOS, one of the largest platforms in the world for developing decentralized applications (dApps), had five vulnerabilities in its code discovered by various hackers in the past 30 days. SlowMist, a Chinese cybersecurity firm, reported a “false top-up” vulnerability on March 12th. This loophole allowed attackers to “successfully deposit EOS to these platforms without transferring any EOS.” The researchers speculate that exchanges and wallets that support EOS could fall victim to this bug.
A team of white hat hackers found software bugs in Tendermint, a P2P networking protocol and blockchain consensus algorithm. Other platforms such as Augur (REP) and Tezos, a “self-amending” cryptocurrency and blockchain network for deploying dApps, were also found to have at least three vulnerabilities each.
Monero (XMR), a leading cryptocurrency platform; ICON (ICX), a service that offers blockchain interoperability; and MyEtherWallet were found to have two vulnerabilities each.
Cryptocurrency exchanges are also part of the growing list of platforms with these vulnerabilities. Coinbase, Crypto.com, Electroneum and Brave were found to be suffering from software vulnerabilities.
Considering the number of vulnerabilities, the white hat hackers have received a mere $23,675 for their efforts. Meanwhile, the EOS team paid $5,500 in bounties for finding bugs in their software. Unikrn, on the other hand, awarded only $1,375 for finding vulnerabilities.
Note that most of these discoveries haven’t been made public, for confidentiality. The comparatively low bounties suggest that the bugs were not critical. However, this also raises the question of whether the lack of incentives can affect the motivation of security researchers to put in the time and effort to discover these vulnerabilities.
Given the state of the cryptocurrency market, the discovery of these loopholes may cause a further loss of confidence among users and lead potential investors to stay away from digital currencies.