Three blockchain researchers or bug hunters have become eligible for the Pwnie Awards this year. These awards are basically little toy ponies given out to hackers and security researchers as recognition for their work.
After having meticulously combed blockchain networks for bugs or security breaches, these researchers are finally getting some acknowledgement of the great work they do. The “Best Cryptographic Attack” category has two major nominations: Neha Narula, the MIT Digital Currency Initiative Director, and Ethan Heilman, a researcher at Boston University, for cracking IOTA’s hash function. Besides that, Bernard Mueller of ConsenSys is also likely to receive the “Most Innovative Research” award for his work on enhancing the security of Ethereum smart contracts.
Narula and Heilman had earlier said that their feat with IOTA transactions took no more than a few minutes. They had discovered a method that allowed direct theft from user wallets, and they attributed it to IOTA’s implementation of its hashing algorithm. The breach, noticed last year, has led IOTA to address the problem via a number of blog posts. However, vulnerabilities remain, as the failing hash function is still in use in some areas of the IOTA platform, despite Narula and Heilman having plugged the existing exploitable attack vectors.
Mueller’s nomination stems from his prolific research on the security of the Ethereum network. He has even introduced a new security tool known as Mythril in a paper titled “Smashing Smart Contracts for Fun and Real Profit”. The tool is meant to remove bugs that jeopardize the money in user wallets or in transactions, and Mueller tries to address the problem of using old programming languages for new issues in the blockchain industry. He has also noted that today’s hackers are as smart as those in the days of the early internet and are also able to make real money out of this kind of work. Instead of playing around, as old hackers would in the absence of bug bounty programmes and zero-day vulnerabilities, they can make actual profits by hacking a smart contract.