Can this Be The Solution To The Incessant Exchange hacks?

milewilda

legendary

Activity: 3094

Merit: 1127

Quote from: htsy585 on December 02, 2019, 06:29:14 PM

Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?

No hacker would able to deal with such stuff.It will vary yet not anyone do have that pure heart or passionate enough to took up the deal.
Come to think that if you do able to see a security exploit then you do able to access on wallets or funds. Would you choose $100k reward over millions of usd? I dont think so.
Its a good suggestion though.

TRONTON

sr. member

Activity: 868

Merit: 252

the binding essence is that exchanges provide opportunities in general, and that will only lead to new problems that are more vulnerable, almost all large exchanges have committed bugs bounty, I believe it is indeed effective.

However, it is better if they offer a representative job to be employed internally because it will be more transparent to engage with insiders, and only compensate for public participation without having to publish the hackaton as often as possible.

Ridwan Fauzi

full member

Activity: 1330

Merit: 147

Quote from: upyem2k on December 04, 2019, 07:33:16 PM

Is this a joke or what? $100,000 every month and that makes $1,200,000 per annum just to hunters? I doubt any exchange market will do that. They will rather employ a tech guy mainly for that instead of paying such huge sum to hunters monthly.

Yeah I just thinking, why not hire someone who is truly an expert in this field so as when he find some bug they won't ever spread it is bug publicly.

Different when there is an exchange who held such an idea that you are mentioned, there will be many people who will know the bug and most likely the people who know it will try ti find about the bug and how to overcome it and have an intention to try hack an exchange, it will be worst.

Yamifoud

hero member

Activity: 2828

Merit: 518

I don't think we need this and supposedly to think that this is a solution for the unsolve hacking activities.

https://gbhackers.com/bug-bounty-program-organization/

Reading to this, it eventually gives realizations that all internet activities including applications are prone to any hacking scenario. It was too sad to know that but we are in the vulnerability already. We can build our own security by making monthly software maintenance rather than running this kind of activity cause it could still be hacked again and again.

danherbias07

legendary

Activity: 3318

Merit: 1133

Leading Crypto Sports Betting & Casino Platform

Offer a job to hackers. Grin

Give them something in return if they can hack the exchange. That way they would see the holes in their website.
Don't they do this? I do think they do.
Looking for the soft spot and then trying to break in. Afterwards, they will look for another move to secure it.
I do think they do maintenance day for that.

princecharles

copper member

Activity: 210

Merit: 1

Exchange hacks is actually a pressing issue as several cryptocurrency exchange has had their fair share of losses this year as a result of hackers. I personally don't believe that bug bounty would cause a substantial relieve to the exchange as it relates to hacking, this is because most hacking operations are conducted with the assistance of an insider who holds a key position in the exchange and has his account compromised. Bug bounty at best could uncover only minor issues which in most cases won't be necessary for hackers.

leowonderful

legendary

Activity: 1624

Merit: 1130

Bitcoin FTW!

Quote from: avikz on December 03, 2019, 01:02:45 AM

Yes, that can be a viable option to fight hacking incidents. Basically it will reduce the possibility of hacking. But this is pre-hacking cautionary approach! It will drastically reduce the chance of becoming a fraud victim!

But hiw they will handle post hacking incidents? I think the approach taken by Binance is an effective solution to fight post-hacking situation! Every exchange should start keeping a certain percentage of their trading fees as a backup fund in case of a mishap just the way Binance keeps their SAFU fund! We have seen millions dollars worth of crypto hacks but the way Binance handled it, is commendable!

I absolutely agree with this; hacks are possible on almost any exchange platform even with the most well-engineered security protocols especially with hacks where people on the inside are somehow compromised, and a great solution for both the exchange's reputability and customer trust is to ensure there's a simple and direct way for customers to retrieve stolen funds.

Even with bug bounties present, it's still possible that some hackers pass up on whatever a bug bounty happens to be and go for the bigger and riskier target of a primary cold wallet or something of the sort, though I imagine most hackers will just cash in on the bug bounty. It's still a good idea to have some sort of a bug bounty reserved nevertheless IMO, as any sort of deterrent to hacking is good.

TastyChillySauce00

legendary

Activity: 3010

Merit: 1028

Leading Crypto Sports Betting & Casino Platform

Some popular exchanges already have this and for example binance. Try to look up their bug bounty program but the reality it doesn't work as expected because people have this thing called greediness and if they are wicked enough they will just prefer to use the security hole and steal the money rather than receiving the rewards which at this point can be considered pennies. You can't expect to hire some security expert and get done with it either because a security hole is really random.

upyem2k

jr. member

Activity: 448

Merit: 1

Is this a joke or what? $100,000 every month and that makes $1,200,000 per annum just to hunters? I doubt any exchange market will do that. They will rather employ a tech guy mainly for that instead of paying such huge sum to hunters monthly.

BChydro

hero member

Activity: 1426

Merit: 506

Quote from: htsy585 on December 02, 2019, 06:29:14 PM

Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward.

The exchanges have to take care of their security as the prime focus if not they will pay a big price and by giving a bounty to identify the bugs will not sort these hacks, you need to have a mandatory insurance for the funds held in any exchange and if that happens then the users will have the confidence to use the exchange and i hope with regulation these exchanges will take care of security if not they will have to face the consequences.

duuuuude

hero member

Activity: 938

Merit: 500

Larger companies with high turnover always have good defense and I still can't understand how hackers can gain access to the main hot wallet, this I have often the thought creeps in that there are unscrupulous exchange which, under the guise of hacking make a good profit.

aemma

copper member

Activity: 966

Merit: 14

Quote from: htsy585 on December 02, 2019, 06:29:14 PM

Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?

I think there is more to this hack of a thing than they tell us or than we know. Just like many have stated, it could be an insider job or it could be a drama just to enrich themselves more or it could also be real. However, your idea about bug bounty is good as it will expose many vulnerabilities owing to the fact developers likes being rewarded for their skills and expertise; but some bug bounties might be successful while some might be an avenue to leverage on the exchange weakness or bugs. On the other hand, hosting such at that amount might be a herculean task, and thus my own suggestion, keep your funds off exchanges there is no security of funds more than that.

asus09

sr. member

Activity: 1344

Merit: 270

Quote from: htsy585 on December 02, 2019, 06:29:14 PM

Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?

Good opinion by giving reward for every one can hacked some exchange market, but how come is an exchange playing drama by announce their exchange hacked but other way the owner become richest person, is available with his cases exchange market hacked, I think many drama every years with talk exchange hacked and give negative statement for the public.

seoincorporation

legendary

Activity: 3346

Merit: 3130

Quote from: htsy585 on December 02, 2019, 06:29:14 PM

Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?

This isn't a new idea, some months ago Poloniex post a tweet about their bug bounty:

Quote

We do! We find it better to handle security reports via our HackerOne bug bounty program. You can easily create one on the hacker registration page: https://hackerone.com/users/sign_up. Please email [email protected] to get an invitation to our HackerOne bug bounty

Source: https://twitter.com/Poloniex/status/1163426618959978496

And if you found a bug in Coinbase, you can report it on this link: https://hackerone.com/coinbase

The issue here is the kind of hackers who find the bug, if it's a white hat hacker it will report the bug and get the bounty, but if the hacker is a black hat hacker then it will try to exploit the site.

Kotone

hero member

Activity: 1372

Merit: 503

Can be but I think it's already been implemented by the huge exchanges. Not just it is so easy to find a bug out of a very big system. I presume these exchanges conducted already these and some of them are paying also huge money to their securities or personnel who managed their network security. Maybe for soms new projects they can launch bug bounty like this but for big players such as Binance, Kucoin, Okex and many exchanges. They can always hire or pay someone to ease the pain of hacking.

Byakuga

member

Activity: 518

Merit: 28

Quote from: htsy585 on December 02, 2019, 06:29:14 PM

Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?

Its not always the security itself, most times its the teams fault, they can get hacked and through their info hackers will have access to every cold store wallets on the exchange, i am expecting dex to be better in 2020 but we will see

vanya.pronin.1983

member

Activity: 378

Merit: 10

Bug bounty, hackatons and tons of other things are taking place almost every month on different exchanges, but the problem is that it has brought nothing till now. Look at Binance, they are doing such things very often, but got hacked anyway.

drlukacs

sr. member

Activity: 854

Merit: 253

l0tt0.com

Quote from: htsy585 on December 02, 2019, 06:29:14 PM

Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?

This idea is really bad. because instead of using bounty hunters with no knowledge of code knowledge or security system issues, we can use that $ 100k to hire good programmers to check it out. $ 100k is too much to spend every month. I guess the creators of the security systems are cheaper than this, so this is not a really good plan and it only benefits the cheaters.

aioc

hero member

Activity: 2926

Merit: 567

Quote from: htsy585 on December 02, 2019, 06:29:14 PM

Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?

Some of the problems come from the negligence of the staff and not the script, organizing a bug bounty every month although costly, only bug exchanges can afford that big amount, and besides they already have their resident programmers to check everything is working.

avikz

legendary

Activity: 3080

Merit: 1500

Quote from: htsy585 on December 02, 2019, 06:29:14 PM

Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?

Yes, that can be a viable option to fight hacking incidents. Basically it will reduce the possibility of hacking. But this is pre-hacking cautionary approach! It will drastically reduce the chance of becoming a fraud victim!

But hiw they will handle post hacking incidents? I think the approach taken by Binance is an effective solution to fight post-hacking situation! Every exchange should start keeping a certain percentage of their trading fees as a backup fund in case of a mishap just the way Binance keeps their SAFU fund! We have seen millions dollars worth of crypto hacks but the way Binance handled it, is commendable!

piebeyb

legendary

Activity: 2464

Merit: 1039

Bitcoin Trader

I think this method can be used but unfortunately there are many exchanges that do not want to use bounty bugs like this because it costs too much, actually this can prevent hackers from getting loopholes, I also often find reports that there are some sites that still have gaps, but sometimes I also find it hard to believe that there is still a large stock market that was hacked like a dream

Ucy

sr. member

Activity: 2674

Merit: 403

Compare rates on different exchanges & swap.

I doubt the problem is about bug. If they want you hacked, you will be hacked. The main problem is weakness in centralized exchanges and centralizion of fund. The exchange funds should be controlled by multiple people atleast or the funds should not be stored on single or few addresses. Besides, the whole centralization thing should be considered strange in crypto world and discouraged... We tell them "You are on your own if you decide to go that route". So, everybody using centralized platforms in this space should be aware of the risks.
There was a suggestion on the use of special withdrawal addresses controlled by multiple people for large funds. Once withdrawal is triggered, the funds are moved to the address and the owners can prove they own them and have their funds released. I wonder if this will work on centralized exchanges without problems

masterrex

full member

Activity: 1820

Merit: 107

Quote from: htsy585 on December 02, 2019, 06:29:14 PM

Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?

I think it was a good idea and some of the cryptocurrency exchange has been doing that already, But sometimes our impressions might go wrong since there were some other theories that some of the hacking incident was just fruit of conspiracy from insiders. for me there were a lot of angles to be consider before making any conclusion.

Callanta787

member

Activity: 546

Merit: 21

Quote from: htsy585 on December 02, 2019, 06:29:14 PM

Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?

This is a good idea but this can't put a stop to hacks because hackers don't need to jailbreak the exchange security, all they have to do is have access to a exchange team account, the problem is not always the exchange security most time its through the teams or even inside job

Zeke_23

sr. member

Activity: 868

Merit: 333

Quote from: mR.k0fka on December 02, 2019, 11:37:39 PM

Quote from: htsy585 on December 02, 2019, 06:29:14 PM

Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?

its a good idea however it will not stop =/
the game of security is very hard, and probably the hackers are governments like china or korea
they have a lot of power and nothing can stop them

What do you mean by it will not stop? The hacking? I think if this will be implemented, it will at least prevent t he exchange for becoming a victim of hacking.
We can't assume that the government is involved in here, it is hard to tell if there will be no proof to provide.

VanDeinsberg12

hero member

Activity: 1540

Merit: 507

Quote from: nreal on December 02, 2019, 09:50:28 PM

Alot of exchanges have this program, Binance also has a bug bounty but it is still hacked. Therefore, these programs cannot completely solve the problem. Centralized exchanges will always be a big target for hackers, so they are never 100% secure

Especially when we are talking about the codes and there were so many possibilities to the new vulnerabilities will be discovered by the hackers. That's why to put more funds to hire more experts to maintain the security anytime is much better (this will cost a lot of money)
The problem in the centralized exchange site was on its security. When it was not maintaining its security properly and there will be a lot of chance the vulnerabilities can be easily discovered.
Bug bounty is not a way to prevent but that is an additional way to get help from others to maintain the security of the exchange site itself.

Sithara007

legendary

Activity: 3346

Merit: 1352

Leading Crypto Sports Betting & Casino Platform

Quote from: htsy585 on December 02, 2019, 06:29:14 PM

Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?

Well.. there is a catch. When an exchange gets hacked, they are not losing their own money. Most of the funds that get stolen belongs to the users. And that is also one of the reasons why the exchanges are somewhat complacent with the hacks. On the other hand, if they distribute the bu bounty, then the amount has to come from their own funds. And that is the problem. Not many of the exchange owners will be willing to spend their own money, in order to identify and eliminate the bugs.

mR.k0fka

member

Activity: 210

Merit: 10

Quote from: htsy585 on December 02, 2019, 06:29:14 PM

Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?

its a good idea however it will not stop =/
the game of security is very hard, and probably the hackers are governments like china or korea
they have a lot of power and nothing can stop them

Furryball

member

Activity: 490

Merit: 19

Quote from: htsy585 on December 02, 2019, 06:29:14 PM

Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?

Brilliant idea but not all of them will want to do it, actually if they can't its still not a problem, they can keep upgrading their security every month doing this will make things very hard for hackers

bassbity

sr. member

Activity: 1092

Merit: 284

Yes this is a very good idea if this is in the campaign right then I'm sure people will look for the BUG loophole to win the race with huge rewards, but it's rarely done in large exchanges it is better they do it themselves and when there are hackers they have to take responsibility like Upbit they are ready the responsibility of the funds affected by hackers.

MI6

hero member

Activity: 1260

Merit: 504

Betking.io - Best Bitcoin Casino

Quote from: htsy585 on December 02, 2019, 06:29:14 PM

Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?

Usually when at first they open exchange, they will held bug bounty too. But like i see on someone's post above me, maybe big exchange already confident with their security system and maybe that is what hacker use as advantage. Don't know actually what hacker do with site's security system but maybe that is what actually happen.

angrybirdy

sr. member

Activity: 1022

Merit: 277

★Bitvest.io★ Play Plinko or Invest!

Quote from: htsy585 on December 02, 2019, 06:29:14 PM

Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?

It would be a good idea, but there are still so many considerations needed for the exchanges before they implement things such this. If they see this, it is indeed that they would prefer to pay bounty hunters than to lose millions of dollars, it is also to prevent having a holes in their security.

huu78

sr. member

Activity: 1204

Merit: 253

Undeads.com - P2E Runner Game

If all the many who open a bug job bounty a programmer they would be in vain in their project. Not a bug problem to be able to hack like that. Because of their negligence as a programmer that is less than productive about maintaining the security of their systems. Not by opening their bug bounty into a solution so that no exchange is exposed to hackers anymore.

albrots

sr. member

Activity: 534

Merit: 250

Good idea and workable. Large exchanges such as binance may already have pentesters to test the security of their exchanges very well, but sometimes they also do Bug bounties so others can find the slightest gap and close it. The prize is indeed quite large. But sometimes Exchange continues to be hacked and successfully broken into because there are insiders who have a section on the exchange that gives bugs to others. As is the case recently, Upbit lost 324k ETH, but the hacker mode is unknown.

nreal

full member

Activity: 932

Merit: 100

arcs-chain.com

Alot of exchanges have this program, Binance also has a bug bounty but it is still hacked. Therefore, these programs cannot completely solve the problem. Centralized exchanges will always be a big target for hackers, so they are never 100% secure

Aabcde

sr. member

Activity: 1050

Merit: 256

Maybe this is also a good idea to reduce the hack that happened lately.
But if we look at it, it could be that hacking is a drama by the exchange itself. Because how is it possible for a large exchange that runs millions of dollars to be hacked easily except just an insider game. It's like they didn't have any preparation when suddenly hacked.

Republikcoin.com

legendary

Activity: 2716

Merit: 1102

Leading Crypto Sports Betting & Casino Platform

besides, I think they have a team to look at the vulnerabilities that occur in an exchanger development. I don't think they will be half-formed in forming a team. other than that, I am pretty sure that the exchanger that currently exists is quite confident in their defense system.
Well, but for some new exchangers, I think doing this is worth it. more programmers looking for a bug are better than some people.

DarkDays

legendary

Activity: 2030

Merit: 1189

The vast majority of exchanges already have lucrative bug bounties. They also have pentesters, security experts and more that are involved in ensuring there are no vulnerabilities.

However, if you actually look at how most exchanges are compromised, it is actually the rest of a high level employee account being subverted, which gives them some control over the hot wallets.

Alternatively, it's often an inside job, where money is snatched at the moment it becomes most vulnerable. These are not things you can really protect against if you want the exchange to have any reasonable withdrawal timeframe.

CjMapope

legendary

Activity: 1820

Merit: 1092

~Full-Time Minter since 2016~

Quote from: htsy585 on December 02, 2019, 06:29:14 PM

Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?

i think thats a great idea

i have made some money bug hunting, its a completly viable career for blockchain enthusiaists imo. Hacks are the single biggest loss of crypto by far
In fact, last year Coinbase added a bug bounty on HackerOne, and AFAIK, they have paid out 10's of thousands for reported vulns since :O
I havent found any myself, but maybe one day haha

asriloni

legendary

Activity: 3038

Merit: 1024

Leading Crypto Sports Betting & Casino Platform

To discover the vulnerability is not easy as you said, not so many experts wanna participate in this campaign. Binance was doing bug bounty before it has stolen by the hackers. The effectiveness of the bug bounty still become the main question right now. You can see sometimes, the fault was coming from the internal of the exchange site itself, and I meant about a lot of scenario could happen anytime, especially for the insider job.
In that case, the bug bounty will not help a lot.
I believe if the majority of those exchange sites are ever getting hacked have done the bug bounty program.

htsy585

full member

Activity: 573

Merit: 102

Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?

Topic: Can this Be The Solution To The Incessant Exchange hacks? (Read 312 times)