White hat hackers have detected over 40 bugs in blockchain and cryptocurrency platforms over the past 30 days, tech news outlet The Next Web (TNW) reported on March 14.
According to an investigation conducted by TNW, 13 blockchain- and cryptocurrency-related companies were hit with a total of 43 vulnerability reports from Feb. 13–March 13.
In the blockchain field, e-sports gambling platform Unikrn reportedly got the most vulnerability reports, amounting to 12 bugs. Unikrn is followed by OmiseGo developer, Omise, having received six bug reports. In third place is EOS, with five vulnerability reports.
Consensus algorithm and peer-to-peer (P2P) networking protocol Tendermint received four bugs. Tendermint is followed by decentralized prediction market protocol Augur and smart contractsplatform Tezos, with three each. Anonymity-focused cryptocurrency Monero, ICON, and MyEtherWallet reportedly saw two vulnerability reports each.
Major American crypto exchange Coinbase and the developer of blockchain browser Brave, Brave Software, reportedly received one vulnerability report each.
The hackers received a total of $23,675 dollars for their efforts, of which Tendermint contributed the most at $8,500. EOS gave $5,500 in rewards, while Unikrn awarded $1,375. TNW says that the low bounty amount suggests that the bugs were not critical.
In contrast, tens of thousands of dollars in bounties were handed out by EOS to white hat hackers who found critical vulnerabilities in its platform.
This week, major hardware wallets manufacturer Ledger unveiled vulnerabilities in its direct competitor Trezor’s devices. Among other issues, the Trezor device could purportedly be imitated by backdooring the device with malware and then re-sealing it in its box by faking a tamper-proof sticker, which is reportedly easy to remove.
Trezor subsequently responded to the claims, stating that none of the weaknesses revealed by Ledger are critical for hardware wallets. According to Trezor, none of them can be exploited remotely, as the attacks described require “physical access to the device, specialized equipment, time, and technical expertise.”