According to reports published on HackerOne, the foundations behind top ten cryptocurrencies TRON and EOS were active in January, paying out tens of thousands of dollars in rewards through their respective bug bounty programs.
HackerOne, which functions as a public forum for breach disclosure, revealed that during the month of January, EOS.io, the company behind the development of the EOS token, had given out bounties for five “critical vulnerabilities,” totaling over $50,000 in rewards. While the specifics of the breach went unpublished, the $10,000 payout represents the highest amount awarded for discovered bugs via a bounty, indicating the severity of the undisclosed vulnerability.
On January 10, five white hat hackers on the EOS.io platform were awarded $40,750 in bounties, with another researcher claiming $10,000 the day after. The TRON Foundation also paid out bug bounties during the month of January, with a reported four bounties being claimed for a total of $22,700. In addition, one of the bounties identified by the TRON Foundation was reported to be for a “critical” level vulnerability, again reflecting the severity of what hackers and researchers often discover.
On one hand, users are applauding the liberal use of funds by development teams and foundations to ward off hacks and network exploitation, with the creation of “bug bounties” seen as a good way to both increase security and stimulate community engagement. However, some investors are alarmed by the quantity of critical bugs discovered in such a short span, leading some to question whether the present state of EOS warrants further inspection. For the entire calendar year of 2018, nearly $1 million in bug bounties was paid out to researchers, with EOS constituting over 60 percent of the rewards. Again, this could be a further indication of the active community around EOS, with bug bounty hunters drawn to the popularity of the coin and its extensive network usage as the fourth largest cryptocurrency in order to achieve the highest rate of return.
Bounty programs such as those implemented by TRON and EOS are not exclusive to cryptocurrency, with most companies in the tech and online commerce space relying upon the model for effective and cost-efficient security testing. As opposed to facing legal repercussions, white hat hackers and security researchers are able to collect rewards for their efforts, while providing a beneficial service to companies looking to improve upon their security measures. Cryptocurrency, given its decentralized framework, has relied upon community input to improve security measures and performance. Larger coins such as TRON and EOS, with established development teams and foundations, have been able to divert some of their funds to rewarding hackers who can find flaws in their systems.
The price of EOS failed to see any appreciable change after the release of the report, other than a slight downtick affecting the entire cryptocurrency market. TRON’s TRX coin also remained stable after news broke of the critical vulnerability discovered, again attesting to community and investor acceptance that bug bounties produce a largely net positive effect, despite what they disconcertingly suggest about the level of security offered by the currencies.