Pages:
Author

Topic: Can this Be The Solution To The Incessant Exchange hacks? (Read 312 times)

legendary
Activity: 3094
Merit: 1127
Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?
No hacker would able to deal with such stuff.It will vary yet not anyone do have that pure heart or passionate enough to took up the deal.
Come to think that if you do able to see a security exploit then you do able to access on wallets or funds. Would you choose $100k reward over millions of usd? I dont think so.
Its a good suggestion though.
sr. member
Activity: 868
Merit: 252
the binding essence is that exchanges provide opportunities in general, and that will only lead to new problems that are more vulnerable, almost all large exchanges have committed bugs bounty, I believe it is indeed effective.

However, it is better if they offer a representative job to be employed internally because it will be more transparent to engage with insiders, and only compensate for public participation without having to publish the hackaton as often as possible.
full member
Activity: 1330
Merit: 147
Is this a joke or what? $100,000 every month and that makes $1,200,000 per annum just to hunters? I doubt any exchange market will do that. They will rather employ a tech guy mainly for that instead of paying such huge sum to hunters monthly.
Yeah I just thinking, why not hire someone who is truly an expert in this field so as when he find some bug they won't ever spread it is bug publicly.

Different when there is an exchange who held such an idea that you are mentioned, there will be many people who will know the bug and most likely the people who know it will try ti find about the bug and how to overcome it and have an intention to try hack an exchange, it will be worst.
hero member
Activity: 2828
Merit: 518
I don't think we need this and supposedly to think that this is a solution for the unsolve hacking activities.

https://gbhackers.com/bug-bounty-program-organization/

Reading to this, it eventually gives realizations that all internet activities including applications are prone to any hacking scenario. It was too sad to know that but we are in the vulnerability already. We can build our own security by making monthly software maintenance rather than running this kind of activity cause it could still be hacked again and again.
legendary
Activity: 3318
Merit: 1133
Leading Crypto Sports Betting & Casino Platform
Offer a job to hackers.  Grin
Give them something in return if they can hack the exchange. That way they would see the holes in their website.
Don't they do this? I do think they do.
Looking for the soft spot and then trying to break in. Afterwards, they will look for another move to secure it.
I do think they do maintenance day for that.
copper member
Activity: 210
Merit: 1
Exchange hacks is actually a pressing issue as several cryptocurrency exchange has had their fair share of losses this year as a result of hackers. I personally don't believe that bug bounty would cause a substantial relieve to the exchange as it relates to hacking, this is because most hacking operations are conducted with the assistance of an insider who holds a key position in the exchange and has his account compromised. Bug bounty at best could uncover only minor issues which in most cases won't be necessary for hackers.
legendary
Activity: 1624
Merit: 1130
Bitcoin FTW!

Yes, that can be a viable option to fight hacking incidents. Basically it will reduce the possibility of hacking. But this is pre-hacking cautionary approach! It will drastically reduce the chance of becoming a fraud victim!

But hiw they will handle post hacking incidents? I think the approach taken by Binance is an effective solution to fight post-hacking situation! Every exchange should start keeping a certain percentage of their trading fees as a backup fund in case of a mishap just the way Binance keeps their SAFU fund! We have seen millions dollars worth of crypto hacks but the way Binance handled it, is commendable!

I absolutely agree with this; hacks are possible on almost any exchange platform even with the most well-engineered security protocols especially with hacks where people on the inside are somehow compromised, and a great solution for both the exchange's reputability and customer trust is to ensure there's a simple and direct way for customers to retrieve stolen funds.

Even with bug bounties present, it's still possible that some hackers pass up on whatever a bug bounty happens to be and go for the bigger and riskier target of a primary cold wallet or something of the sort, though I imagine most hackers will just cash in on the bug bounty. It's still a good idea to have some sort of a bug bounty reserved nevertheless IMO, as any sort of deterrent to hacking is good.
legendary
Activity: 3010
Merit: 1028
Leading Crypto Sports Betting & Casino Platform
Some popular exchanges already have this and for example binance. Try to look up their bug bounty program but the reality it doesn't work as expected because people have this thing called greediness and if they are wicked enough they will just prefer to use the security hole and steal the money rather than receiving the rewards which at this point can be considered pennies. You can't expect to hire some security expert and get done with it either because a security hole is really random.
jr. member
Activity: 448
Merit: 1
Is this a joke or what? $100,000 every month and that makes $1,200,000 per annum just to hunters? I doubt any exchange market will do that. They will rather employ a tech guy mainly for that instead of paying such huge sum to hunters monthly.
hero member
Activity: 1426
Merit: 506
Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward.
The exchanges have to take care of their security as the prime focus if not they will pay a big price and by giving a bounty to identify the bugs will not sort these hacks, you need to have a mandatory insurance for the funds held in any exchange and if that happens then the users will have the confidence to use the exchange and i hope with regulation these exchanges will take care of security if not they will have to face the consequences.
hero member
Activity: 938
Merit: 500
Larger companies with high turnover always have good defense and I still can't understand how hackers can gain access to the main hot wallet, this I have often the thought creeps in that there are unscrupulous exchange which, under the guise of hacking make a good profit.
copper member
Activity: 966
Merit: 14
Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?

I think there is more to this hack of a thing than they tell us or than we know. Just like many have stated, it could be an insider job or it could be a drama just to enrich themselves more or it could also be real. However, your idea about bug bounty is good as it will expose many vulnerabilities owing to the fact developers likes being rewarded for their skills and expertise; but some bug bounties might be successful while some might be an avenue to leverage on the exchange weakness or bugs. On the other hand, hosting such at that amount might be a herculean task, and thus my own suggestion, keep your funds off exchanges there is no security of funds more than that.
sr. member
Activity: 1344
Merit: 270
Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?
Good opinion by giving reward for every one can hacked some exchange market, but how come is an exchange playing drama by announce their exchange hacked but other way the owner become richest person, is available with his cases exchange market hacked, I think many drama every years with talk exchange hacked and give negative statement for the public.
legendary
Activity: 3346
Merit: 3125
Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?

This isn't a new idea, some months ago Poloniex post a tweet about their bug bounty:

Quote
We do! We find it better to handle security reports via our HackerOne bug bounty program. You can easily create one on the hacker registration page: https://hackerone.com/users/sign_up. Please email [email protected] to get an invitation to our HackerOne bug bounty

Source: https://twitter.com/Poloniex/status/1163426618959978496

And if you found a bug in Coinbase, you can report it on this link: https://hackerone.com/coinbase

The issue here is the kind of hackers who find the bug, if it's a white hat hacker it will report the bug and get the bounty, but if the hacker is a black hat hacker then it will try to exploit the site.
hero member
Activity: 1372
Merit: 503
Can be but I think it's already been implemented by the huge exchanges. Not just it is so easy to find a bug out of a very big system. I presume these exchanges conducted already these and some of them are paying also huge money to their securities or personnel who managed their network security. Maybe for soms new projects they can launch bug bounty like this but for big players such as Binance, Kucoin, Okex and many exchanges. They can always hire or pay someone to ease the pain of hacking.
member
Activity: 518
Merit: 28
Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?
Its not always the security itself, most times its the teams fault, they can get hacked and through their info hackers will have access to every cold store wallets on the exchange, i am expecting dex to be better in 2020 but we will see
member
Activity: 378
Merit: 10
Bug bounty, hackatons and tons of other things are taking place almost every month on different exchanges, but the problem is that it has brought nothing till now. Look at Binance, they are doing such things very often, but got hacked anyway.
sr. member
Activity: 854
Merit: 253
l0tt0.com
Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?
This idea is really bad. because instead of using bounty hunters with no knowledge of code knowledge or security system issues, we can use that $ 100k to hire good programmers to check it out. $ 100k is too much to spend every month. I guess the creators of the security systems are cheaper than this, so this is not a really good plan and it only benefits the cheaters.
hero member
Activity: 2926
Merit: 567
Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?

Some of the problems come from the negligence of the staff and not the script, organizing a bug bounty every month although costly, only bug exchanges can afford that big amount, and besides they already have their resident programmers to check everything is working.
legendary
Activity: 3080
Merit: 1500
Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?

Yes, that can be a viable option to fight hacking incidents. Basically it will reduce the possibility of hacking. But this is pre-hacking cautionary approach! It will drastically reduce the chance of becoming a fraud victim!

But hiw they will handle post hacking incidents? I think the approach taken by Binance is an effective solution to fight post-hacking situation! Every exchange should start keeping a certain percentage of their trading fees as a backup fund in case of a mishap just the way Binance keeps their SAFU fund! We have seen millions dollars worth of crypto hacks but the way Binance handled it, is commendable!
Pages:
Jump to: