Topic: Can this Be The Solution To The Incessant Exchange hacks? - page 2. (Read 312 times)
I think this method can be used but unfortunately there are many exchanges that do not want to use bounty bugs like this because it costs too much, actually this can prevent hackers from getting loopholes, I also often find reports that there are some sites that still have gaps, but sometimes I also find it hard to believe that there is still a large stock market that was hacked like a dream
I doubt the problem is about bug. If they want you hacked, you will be hacked. The main problem is weakness in centralized exchanges and centralizion of fund. The exchange funds should be controlled by multiple people atleast or the funds should not be stored on single or few addresses. Besides, the whole centralization thing should be considered strange in crypto world and discouraged... We tell them "You are on your own if you decide to go that route". So, everybody using centralized platforms in this space should be aware of the risks.
There was a suggestion on the use of special withdrawal addresses controlled by multiple people for large funds. Once withdrawal is triggered, the funds are moved to the address and the owners can prove they own them and have their funds released. I wonder if this will work on centralized exchanges without problems
There was a suggestion on the use of special withdrawal addresses controlled by multiple people for large funds. Once withdrawal is triggered, the funds are moved to the address and the owners can prove they own them and have their funds released. I wonder if this will work on centralized exchanges without problems
Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?
I think it was a good idea and some of the cryptocurrency exchange has been doing that already, But sometimes our impressions might go wrong since there were some other theories that some of the hacking incident was just fruit of conspiracy from insiders. for me there were a lot of angles to be consider before making any conclusion. Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?
This is a good idea but this can't put a stop to hacks because hackers don't need to jailbreak the exchange security, all they have to do is have access to a exchange team account, the problem is not always the exchange security most time its through the teams or even inside job 
Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?
its a good idea however it will not stop =/
the game of security is very hard, and probably the hackers are governments like china or korea
they have a lot of power and nothing can stop them
We can't assume that the government is involved in here, it is hard to tell if there will be no proof to provide.
Alot of exchanges have this program, Binance also has a bug bounty but it is still hacked. Therefore, these programs cannot completely solve the problem. Centralized exchanges will always be a big target for hackers, so they are never 100% secure
Especially when we are talking about the codes and there were so many possibilities to the new vulnerabilities will be discovered by the hackers. That's why to put more funds to hire more experts to maintain the security anytime is much better (this will cost a lot of money)The problem in the centralized exchange site was on its security. When it was not maintaining its security properly and there will be a lot of chance the vulnerabilities can be easily discovered.
Bug bounty is not a way to prevent but that is an additional way to get help from others to maintain the security of the exchange site itself.
Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?
Well.. there is a catch. When an exchange gets hacked, they are not losing their own money. Most of the funds that get stolen belongs to the users. And that is also one of the reasons why the exchanges are somewhat complacent with the hacks. On the other hand, if they distribute the bu bounty, then the amount has to come from their own funds. And that is the problem. Not many of the exchange owners will be willing to spend their own money, in order to identify and eliminate the bugs.
Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?
its a good idea however it will not stop =/
the game of security is very hard, and probably the hackers are governments like china or korea
they have a lot of power and nothing can stop them
Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?
Brilliant idea but not all of them will want to do it, actually if they can't its still not a problem, they can keep upgrading their security every month doing this will make things very hard for hackers
Yes this is a very good idea if this is in the campaign right then I'm sure people will look for the BUG loophole to win the race with huge rewards, but it's rarely done in large exchanges it is better they do it themselves and when there are hackers they have to take responsibility like Upbit they are ready the responsibility of the funds affected by hackers.
Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?
Usually when at first they open exchange, they will held bug bounty too. But like i see on someone's post above me, maybe big exchange already confident with their security system and maybe that is what hacker use as advantage. Don't know actually what hacker do with site's security system but maybe that is what actually happen. 
Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?
It would be a good idea, but there are still so many considerations needed for the exchanges before they implement things such this. If they see this, it is indeed that they would prefer to pay bounty hunters than to lose millions of dollars, it is also to prevent having a holes in their security. 
If all the many who open a bug job bounty a programmer they would be in vain in their project. Not a bug problem to be able to hack like that. Because of their negligence as a programmer that is less than productive about maintaining the security of their systems. Not by opening their bug bounty into a solution so that no exchange is exposed to hackers anymore.
Good idea and workable. Large exchanges such as binance may already have pentesters to test the security of their exchanges very well, but sometimes they also do Bug bounties so others can find the slightest gap and close it. The prize is indeed quite large. But sometimes Exchange continues to be hacked and successfully broken into because there are insiders who have a section on the exchange that gives bugs to others. As is the case recently, Upbit lost 324k ETH, but the hacker mode is unknown.
Alot of exchanges have this program, Binance also has a bug bounty but it is still hacked. Therefore, these programs cannot completely solve the problem. Centralized exchanges will always be a big target for hackers, so they are never 100% secure
Maybe this is also a good idea to reduce the hack that happened lately.
But if we look at it, it could be that hacking is a drama by the exchange itself. Because how is it possible for a large exchange that runs millions of dollars to be hacked easily except just an insider game. It's like they didn't have any preparation when suddenly hacked.
But if we look at it, it could be that hacking is a drama by the exchange itself. Because how is it possible for a large exchange that runs millions of dollars to be hacked easily except just an insider game. It's like they didn't have any preparation when suddenly hacked.
legendary
Activity: 2716
Merit: 1102
Leading Crypto Sports Betting & Casino Platform
besides, I think they have a team to look at the vulnerabilities that occur in an exchanger development. I don't think they will be half-formed in forming a team. other than that, I am pretty sure that the exchanger that currently exists is quite confident in their defense system.
Well, but for some new exchangers, I think doing this is worth it. more programmers looking for a bug are better than some people.
Well, but for some new exchangers, I think doing this is worth it. more programmers looking for a bug are better than some people.
The vast majority of exchanges already have lucrative bug bounties. They also have pentesters, security experts and more that are involved in ensuring there are no vulnerabilities.
However, if you actually look at how most exchanges are compromised, it is actually the rest of a high level employee account being subverted, which gives them some control over the hot wallets.
Alternatively, it's often an inside job, where money is snatched at the moment it becomes most vulnerable. These are not things you can really protect against if you want the exchange to have any reasonable withdrawal timeframe.
However, if you actually look at how most exchanges are compromised, it is actually the rest of a high level employee account being subverted, which gives them some control over the hot wallets.
Alternatively, it's often an inside job, where money is snatched at the moment it becomes most vulnerable. These are not things you can really protect against if you want the exchange to have any reasonable withdrawal timeframe.
Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?
i think thats a great idea
i have made some money bug hunting, its a completly viable career for blockchain enthusiaists imo. Hacks are the single biggest loss of crypto by farIn fact, last year Coinbase added a bug bounty on HackerOne, and AFAIK, they have paid out 10's of thousands for reported vulns since :O
I havent found any myself, but maybe one day haha
To discover the vulnerability is not easy as you said, not so many experts wanna participate in this campaign. Binance was doing bug bounty before it has stolen by the hackers. The effectiveness of the bug bounty still become the main question right now. You can see sometimes, the fault was coming from the internal of the exchange site itself, and I meant about a lot of scenario could happen anytime, especially for the insider job.
In that case, the bug bounty will not help a lot.
I believe if the majority of those exchange sites are ever getting hacked have done the bug bounty program.
In that case, the bug bounty will not help a lot.
I believe if the majority of those exchange sites are ever getting hacked have done the bug bounty program.
Jump to: