As per reports from the tech news outlet, The Next Web (TNW) on March 1 white hat hackers have detected over 40 bugs in blockchain and cryptocurrency platforms in the the past 30 days. According to an investigation conducted by TNW, in the time between February 13th to the 13th of March, 13 blockchain- and cryptocurrency-based companies were hit with a total of 43 vulnerability reports from Feb. 13–March 13.
The worst of the lot, in the blockchain field, was e-sports gambling platform Unikrn who reportedly got the most vulnerability reports, amounting to 12 bugs. On Unikrn’s heels, is OmiseGo developer, who received six bug reports. The third place has been claimed by EOS, who has five vulnerability reports.
Consensus algorithm and peer-to-peer (P2P) networking protocol Tendermint received four bugs. Tendermint is followed by decentralized prediction market protocol Augur and smart contracts platform Tezos, each of the three each. Anonymity-focused cryptocurrency Monero, ICON, and MyEtherWallet reportedly saw two vulnerability reports each.
Major American crypto exchange Coinbase and the developer of blockchain browser Brave, Brave Software, reportedly received one vulnerability report each.
The hackers received a total of $23,675 dollars for their efforts, of which Tendermint contributed the most at $8,500. EOS gave $5,500 in rewards, while Unikrn awarded $1,375. TNW says that the low bounty amount suggests that the bugs were not critical.
In contrast, tens of thousands of dollars in bounties were handed out by EOS to white hat hackers who found critical vulnerabilities in its platform.
This week, major hardware wallets manufacturer Ledger unveiled vulnerabilities in its direct competitor Trezor’s devices. Among other issues, the Trezor device could purportedly be imitated by backdooring the device with malware and then re-sealing it in its box by faking a tamper-proof sticker, which is reportedly easy to remove.
Trezor subsequently responded to the claims, stating that none of the weaknesses revealed by Ledger are critical for hardware wallets. According to Trezor, none of them can be exploited remotely, as the attacks described require “physical access to the device, specialized equipment, time, and technical expertise.”