Five Critical Vulnerabilities Discovered in EOS in 2019, HackerOne Data Shows

Published at: Feb. 5, 2019

EOS.io, the company responsible for the development of fourth-largest crypto by market cap EOS, has handed over bug bounties for five critical vulnerabilities this year. Public activity on breach disclosure platform HackerOne revealed the bounties.

On Jan. 10, $40,750 was awarded to five white hat hackers on the platform by EOS.io, and the day after, another researcher received a $10,000 bounty. Five of those bounties are equivalent to $10,000 each, which is the highest possible payout reserved by the company only for the most critical vulnerabilities.

The Tron Foundation, the company behind the cryptocurrency Tron, also awarded four bounties in January — one of them for the most critical level of bugs — spending $22,700 in total.

Vulnerabilities have also been already discovered in other crypto companies this year. Namely, two bounties have been awarded by Cobinhood and one by Coinbase for bugs found in the low vulnerability tiers.

All of the vulnerability reports that have been awarded a bounty cited in this article are undisclosed, and the details of the vulnerabilities discovered are not public.

EOS has kept its price stable on the day at press time, losing only about half of a percent of its value in the past 24 hours and trading at $2.40.

As Cointelegraph reported in December last year, researchers were awarded $878,000 in 2018, with EOS.io being reportedly responsible for 60 percent of all the bounties handed out over the whole year.

China recently released its latest government-sponsored rankings of major cryptocurrencies. In this report, EOS kept its top spot, while Bitcoin (BTC) came in 15th.

Tags
Eos
Related Posts
Trend Micro: Outlaw Hacking Group’s Botnet Is Now Spreading a Monero Miner
Cybersecurity company Trend Micro claims to have detected a web address spreading a botnet featuring a monero (XMR) mining component alongside a backdoor. The malware was described on Trend Micro’s official blog on June 13. Per the report, the firm attributes the malware to Outlaw Hacking Group, as the techniques employed are almost the same used in its previous operations. The software in question also holds Distributed Denial of Service (DDoS) capabilities, “allowing the cybercriminals to monetize their botnet through cryptocurrency mining and by offering DDoS-for-hire services.” Trend Micro also believes that the creators of the malware in question are …
Altcoin / June 13, 2019
Malware on Official Monero Website Can Steal Crypto: Investigator
The software available for download on Monero’s (XMR) official website was compromised to steal cryptocurrency, according to a Nov. 19 Reddit post published by the coin’s core development team. The command-line interface (CLI) tools available at getmonero.org may have been compromised over the last 24 hours. In the announcement, the team notes that the hash of the binaries available for download did not match the expected hashes. The software was malicious On GitHub, a professional investigator going by the name of Serhack said that the software distributed after the server was compromised is indeed malicious, stating: “I can confirm that …
Altcoin / Nov. 19, 2019
Crypto hacks are set to hit all-time highs in 2022, analyst explains
Reducing the amount of hacking by improving cybersecurity should be considered a top priority for the crypto industry, said Kim Grauer, director of research of blockchain intelligence firm Chainalysis. As pointed out by the firm, this year could outpace 2021 in terms of crypto stolen through hacks. The vast majority of these exploits have been targeting the field of decentralized finance. “This can't go on in the industry because people are going to lose faith in investing in DeFi platforms”, Grauer said in an interview with Cointelegraph. Unlike centralized exchanges, which have improved their resiliency to crypto hacks, decentralized protocols …
Blockchain / Oct. 19, 2022
Binance CEO Suggests Crypto Exchanges Are Safer Than Keeping One’s Keys
Changpeng Zhao, the co-founder and CEO of cryptocurrency exchange Binance, suggested that for most, keeping crypto assets on an exchange is safer than keeping the keys themselves. Zhao gave his comments in a tweet on Jan. 19 after famous crypto skeptic and gold bug Peter Schiff complained that he lost access to his Bitcoin (BTC). Invoking the phrase “SAFU” — a slanger term in the crypto community for “safe,” Zhao said: “Many hardcore crypto [organizations] advocate storing your own keys. But the truth is, today most people are not able to secure a key even from themselves (losing it). A …
Bitcoin / Jan. 20, 2020
PIVX, Possibly Other PoS Chains Vulnerable to Bug, Attackers Profit
Private transactions cryptocurrency PIVX and over 200 other blockchains are vulnerable to attackers obtaining disproportionately high staking rewards. A major staking vulnerability Cryptocurrency consulting firm Lunar Digital Assets claimed in a post published on its website on Aug. 12 that a staking vulnerability is being used across PIVX and its forks. The weakness reportedly allows the attacker to obtain mathematically impossible staking rewards on vulnerable proof-of-stake (PoS) chains. According to the post’s author, the PIVX development team claimed to have solved the issue in January. Nonetheless, a core developer of PoS altcoin BitGreen (BITG) noticed that the vulnerability in question …
Blockchain / Aug. 13, 2019