Blockchain Firms Award Nearly $1 Million in Bug Bounties in 2018

While blockchain is immutable, tamper-proof and democratic by design, nothing is 100% secured, as evidenced by the nascent technology’s plethora of code vulnerabilities, of which 3,000 have so far been recorded in 2018, according to a recent report published by Hard Fork.

As cited by vulnerability coordination and bug bounty platform HackerOne, in 2018 alone, over $878,504 in bug bounties have so far been awarded to crypto hackers, based on data aggregated in December. In August, bug bounties have exceeded over $600,000, of which $534,500 have already been awarded, with Hong Kong cryptocurrency startup accounting for over 60 percent of the total bounty granted in 2018.

Among the crypto companies that have so far shelled out the most bug bounty includes, Coinbase, and TRON. While Coinbase has been running a disclosure program since 2014,, on the other hand, only launched its EOS disclosure program in May 2018. In less than a week thereafter, has awarded over $120,000 in bug bounty to a single hacker.

As a HackerOne spokesperson was quoted as stating in a report previously published by Hard Fork:

“Nearly 4 percent of all bounties awarded on HackerOne in 2018 were from blockchain and cryptocurrency companies.

Emphasizing the significant amount of bug bounty awarded by blockchain firms, he went on noting:

“The average bounty for all blockchain companies in 2018 was $1490, that is higher than the Q4 platform average of around $900,” the spokesperson added. “One of the top paid crypto hackers earned 7X the median software engineer salary in their country respectively.”

As it stands, out of over 2,000 currently existing blockchain and crypto firms, HackerOne only has 64 startups on its platform. This underscores the massive number of vulnerabilities that still remains largely unrecorded to this day.

In 2018, researchers have discovered multiple vulnerabilities both in Bitcoin as well as Bitcoin Cash. As previous reports also indicated, Ethereum-based projects possess roughly 34,000 vulnerable smart contracts.

This poses a major issue, as there is no way of reversing transactions on a blockchain, given the nascent technology’s immutable nature, unlike other centralized technologies. As such, it would be in the best interest of investors to do their due diligence and weigh the potential risks associated with storing their funds on a blockchain.