Can this Be The Solution To The Incessant Exchange hacks?

milewilda

legendary

Activity: 3094

Merit: 1127

Quote from: htsy585 on December 02, 2019, 07:29:14 PM

Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?

No hacker would able to deal with such stuff.It will vary yet not anyone do have that pure heart or passionate enough to took up the deal.
Come to think that if you do able to see a security exploit then you do able to access on wallets or funds. Would you choose $100k reward over millions of usd? I dont think so.
Its a good suggestion though.

TRONTON

sr. member

Activity: 868

Merit: 252

the binding essence is that exchanges provide opportunities in general, and that will only lead to new problems that are more vulnerable, almost all large exchanges have committed bugs bounty, I believe it is indeed effective.

However, it is better if they offer a representative job to be employed internally because it will be more transparent to engage with insiders, and only compensate for public participation without having to publish the hackaton as often as possible.

Ridwan Fauzi

full member

Activity: 1330

Merit: 147

Quote from: upyem2k on December 04, 2019, 08:33:16 PM

Is this a joke or what? $100,000 every month and that makes $1,200,000 per annum just to hunters? I doubt any exchange market will do that. They will rather employ a tech guy mainly for that instead of paying such huge sum to hunters monthly.

Yeah I just thinking, why not hire someone who is truly an expert in this field so as when he find some bug they won't ever spread it is bug publicly.

Different when there is an exchange who held such an idea that you are mentioned, there will be many people who will know the bug and most likely the people who know it will try ti find about the bug and how to overcome it and have an intention to try hack an exchange, it will be worst.

Yamifoud

hero member

Activity: 2744

Merit: 517

★Bitvest.io★ Play Plinko or Invest!

I don't think we need this and supposedly to think that this is a solution for the unsolve hacking activities.

https://gbhackers.com/bug-bounty-program-organization/

Reading to this, it eventually gives realizations that all internet activities including applications are prone to any hacking scenario. It was too sad to know that but we are in the vulnerability already. We can build our own security by making monthly software maintenance rather than running this kind of activity cause it could still be hacked again and again.

danherbias07

legendary

Activity: 3108

Merit: 1115

Leading Crypto Sports Betting & Casino Platform

Offer a job to hackers. Grin

Give them something in return if they can hack the exchange. That way they would see the holes in their website.
Don't they do this? I do think they do.
Looking for the soft spot and then trying to break in. Afterwards, they will look for another move to secure it.
I do think they do maintenance day for that.

princecharles

copper member

Activity: 210

Merit: 1

Exchange hacks is actually a pressing issue as several cryptocurrency exchange has had their fair share of losses this year as a result of hackers. I personally don't believe that bug bounty would cause a substantial relieve to the exchange as it relates to hacking, this is because most hacking operations are conducted with the assistance of an insider who holds a key position in the exchange and has his account compromised. Bug bounty at best could uncover only minor issues which in most cases won't be necessary for hackers.

leowonderful

legendary

Activity: 1624

Merit: 1129

Bitcoin FTW!

Quote from: avikz on December 03, 2019, 02:02:45 AM

Yes, that can be a viable option to fight hacking incidents. Basically it will reduce the possibility of hacking. But this is pre-hacking cautionary approach! It will drastically reduce the chance of becoming a fraud victim!

But hiw they will handle post hacking incidents? I think the approach taken by Binance is an effective solution to fight post-hacking situation! Every exchange should start keeping a certain percentage of their trading fees as a backup fund in case of a mishap just the way Binance keeps their SAFU fund! We have seen millions dollars worth of crypto hacks but the way Binance handled it, is commendable!

I absolutely agree with this; hacks are possible on almost any exchange platform even with the most well-engineered security protocols especially with hacks where people on the inside are somehow compromised, and a great solution for both the exchange's reputability and customer trust is to ensure there's a simple and direct way for customers to retrieve stolen funds.

Even with bug bounties present, it's still possible that some hackers pass up on whatever a bug bounty happens to be and go for the bigger and riskier target of a primary cold wallet or something of the sort, though I imagine most hackers will just cash in on the bug bounty. It's still a good idea to have some sort of a bug bounty reserved nevertheless IMO, as any sort of deterrent to hacking is good.

TastyChillySauce00

legendary

Activity: 2982

Merit: 1028

Leading Crypto Sports Betting & Casino Platform

Some popular exchanges already have this and for example binance. Try to look up their bug bounty program but the reality it doesn't work as expected because people have this thing called greediness and if they are wicked enough they will just prefer to use the security hole and steal the money rather than receiving the rewards which at this point can be considered pennies. You can't expect to hire some security expert and get done with it either because a security hole is really random.

upyem2k

jr. member

Activity: 448

Merit: 1

Is this a joke or what? $100,000 every month and that makes $1,200,000 per annum just to hunters? I doubt any exchange market will do that. They will rather employ a tech guy mainly for that instead of paying such huge sum to hunters monthly.

BChydro

hero member

Activity: 1426

Merit: 506

Quote from: htsy585 on December 02, 2019, 07:29:14 PM

Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward.

The exchanges have to take care of their security as the prime focus if not they will pay a big price and by giving a bounty to identify the bugs will not sort these hacks, you need to have a mandatory insurance for the funds held in any exchange and if that happens then the users will have the confidence to use the exchange and i hope with regulation these exchanges will take care of security if not they will have to face the consequences.

duuuuude

hero member

Activity: 938

Merit: 500

Larger companies with high turnover always have good defense and I still can't understand how hackers can gain access to the main hot wallet, this I have often the thought creeps in that there are unscrupulous exchange which, under the guise of hacking make a good profit.

aemma

copper member

Activity: 966

Merit: 14

Quote from: htsy585 on December 02, 2019, 07:29:14 PM

Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?

I think there is more to this hack of a thing than they tell us or than we know. Just like many have stated, it could be an insider job or it could be a drama just to enrich themselves more or it could also be real. However, your idea about bug bounty is good as it will expose many vulnerabilities owing to the fact developers likes being rewarded for their skills and expertise; but some bug bounties might be successful while some might be an avenue to leverage on the exchange weakness or bugs. On the other hand, hosting such at that amount might be a herculean task, and thus my own suggestion, keep your funds off exchanges there is no security of funds more than that.

asus09

sr. member

Activity: 1344

Merit: 270

Quote from: htsy585 on December 02, 2019, 07:29:14 PM

Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?

Good opinion by giving reward for every one can hacked some exchange market, but how come is an exchange playing drama by announce their exchange hacked but other way the owner become richest person, is available with his cases exchange market hacked, I think many drama every years with talk exchange hacked and give negative statement for the public.

seoincorporation

legendary

Activity: 2982

Merit: 2681

Top Crypto Casino

Quote from: htsy585 on December 02, 2019, 07:29:14 PM

Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?

This isn't a new idea, some months ago Poloniex post a tweet about their bug bounty:

Quote

We do! We find it better to handle security reports via our HackerOne bug bounty program. You can easily create one on the hacker registration page: https://hackerone.com/users/sign_up. Please email [email protected] to get an invitation to our HackerOne bug bounty

Source: https://twitter.com/Poloniex/status/1163426618959978496

And if you found a bug in Coinbase, you can report it on this link: https://hackerone.com/coinbase

The issue here is the kind of hackers who find the bug, if it's a white hat hacker it will report the bug and get the bounty, but if the hacker is a black hat hacker then it will try to exploit the site.

Kotone

hero member

Activity: 1372

Merit: 503

Can be but I think it's already been implemented by the huge exchanges. Not just it is so easy to find a bug out of a very big system. I presume these exchanges conducted already these and some of them are paying also huge money to their securities or personnel who managed their network security. Maybe for soms new projects they can launch bug bounty like this but for big players such as Binance, Kucoin, Okex and many exchanges. They can always hire or pay someone to ease the pain of hacking.

Byakuga

member

Activity: 518

Merit: 28

Quote from: htsy585 on December 02, 2019, 07:29:14 PM

Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?

Its not always the security itself, most times its the teams fault, they can get hacked and through their info hackers will have access to every cold store wallets on the exchange, i am expecting dex to be better in 2020 but we will see

vanya.pronin.1983

member

Activity: 378

Merit: 10

Bug bounty, hackatons and tons of other things are taking place almost every month on different exchanges, but the problem is that it has brought nothing till now. Look at Binance, they are doing such things very often, but got hacked anyway.

drlukacs

sr. member

Activity: 854

Merit: 253

l0tt0.com

Quote from: htsy585 on December 02, 2019, 07:29:14 PM

Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?

This idea is really bad. because instead of using bounty hunters with no knowledge of code knowledge or security system issues, we can use that $ 100k to hire good programmers to check it out. $ 100k is too much to spend every month. I guess the creators of the security systems are cheaper than this, so this is not a really good plan and it only benefits the cheaters.

aioc

hero member

Activity: 2898

Merit: 567

Quote from: htsy585 on December 02, 2019, 07:29:14 PM

Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?

Some of the problems come from the negligence of the staff and not the script, organizing a bug bounty every month although costly, only bug exchanges can afford that big amount, and besides they already have their resident programmers to check everything is working.

avikz

legendary

Activity: 3080

Merit: 1500

Quote from: htsy585 on December 02, 2019, 07:29:14 PM

Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?

Yes, that can be a viable option to fight hacking incidents. Basically it will reduce the possibility of hacking. But this is pre-hacking cautionary approach! It will drastically reduce the chance of becoming a fraud victim!

But hiw they will handle post hacking incidents? I think the approach taken by Binance is an effective solution to fight post-hacking situation! Every exchange should start keeping a certain percentage of their trading fees as a backup fund in case of a mishap just the way Binance keeps their SAFU fund! We have seen millions dollars worth of crypto hacks but the way Binance handled it, is commendable!

Topic: Can this Be The Solution To The Incessant Exchange hacks? (Read 267 times)