Augur (REP) Vulnerability Exposed by White Hat Hacker via HackerOne Bug Bounty Program

Hacker Reveals Augur Vulnerability

Decentralized exchanges have long been a goal of the cryptocurrency community, as well as a working product within the markets. Large fees and vulnerability to hacking attempts are major problems seen within the centralized exchange markets, and many within the cryptocurrency community continue to look towards smaller, but decentralized markets as a viable alternative to the traditionally centralized exchange structure.

Augur has quickly distinguished itself as the most global and well-known name among the decentralized markets. Built on the Ethereum blockchain, the market is known as a dApp, or a decentralized application. But Augur isn’t just an exchange platform. Instead, it functions as a prediction market. On Augur, investors can put their money into predicting the potential outcomes of thousands of different things. The market also recently made global news when it was exposed that some people on the market were betting on dangerous things, such as the likelihood that President Donald Trump will be assassinated.

But now, the market is being judged for something different entirely. According to a disclosure on HackerOne’s bug bounty platform, a security researcher has found a way to inject false data into the user interface of Augur, which could have led to the loss of potentially hundreds of thousands of dollars of money for the users affected by the bug. The exposure of this exploit has led many to reconsider the relative safety of the decentralized exchange platform entirely.

How It Works

This particular exploit functioned because Augur uses the Ethereum blockchain to secure its uncensorable prediction market. The files which do the user-interface portion of the process are stored locally, which means that they are put on the user’s own device or computer. As a result, a hacker who is able to inject fraudulent data into these files can affect how the UI behaves on the Augur platform.

This could be used easily by a malicious hacker to trick the Augur UI into showing the user fraudulent information that could result in lost funds. For example, a savvy hacker could manage to gain access to these files and then make it to where the Augur interface shows the wrong account for the “deposit” wallet. Then, when the user goes to deposit their funds, they would be sending the money to the account of the hacker, losing their funds forever.

Patching The Bug

At first, the Augur development company Forecast Foundation attempted to argue that the bug that the security researcher found was insignificant, merely a UI-based glitch. But after a few days of argument, the company agreed to pay the whitehat hacker, named Viacheslav Sniezhkov, a bounty of USD $5,000.

Additionally, the researchers patched the bug. It is unclear at this point how exactly the researchers patched the bug, but users of the Augur platform are heavily advised to update the client used to run the program promptly. Because the news of the bug has been made public, there remains an extreme risk of vulnerability in all versions prior to the newest.

Get Free Email Updates!

*Action* Enter Best Email to Get Trending Crypto News & Bitcoin Market Updates

I will never give away, trade or sell your email address. You can unsubscribe at any time.

Avatar
Bitcoin Exchange Guide News Team
B.E.G. Editorial Team is a gracious group of giving cryptocurrency advocates and blockchain believers who want to ensure we do our part in spreading digital currency awareness and adoption. We are a team of over forty individuals all working as a collective whole to produce around the clock daily news, reviews and insights regarding all major coin updates, token announcements and new releases. Make sure to read our editorial policies and follow us on Twitter, Join us in Telegram. Stay tuned. #bitcoin

[Alert] Use the author's self-conducted information at your own risk, do you own research, never invest more than you are willing to lose.

[Disclosure] The published news and content on BitcoinExchangeGuide should never be used or taken as financial investment advice. Understand trading cryptocurrencies is a very high-risk activity which can result in significant losses. Editorial Policy \\ Investment Disclaimer

LEAVE A REPLY

Please enter your comment!
Please enter your name here

3,483FansLike
2,795FollowersFollow
4,263FollowersFollow

Live Bitcoin Price & Latest BTC Charts

Today's Latest Crypto News

Gemini Crypto Exchange Opens Up GBP for Buying, Selling, and Trading for UK Customers

Cryptocurrency exchange Gemini is now expanding into the UK. The launch follows obtaining an electronic-money institutions (EMI) license from the Financial Conduct Authority (FCA) after...

Stocks & Gold Getting Hammered But Bitcoin Fundamentals Do Not Support A BTC Crash to $7k

In another red day of the week, Bitcoin dropped to about $10,150 level. Just like the weak price performance, with BTC currently trading around...

People's Bank of China (PBoC) Testing Digital Yuan (DCEP) for Credit Card Payments

China has been aggressively developing its central bank-issued digital currency (CBDC), popularly known as digital yuan. As per the latest reports, the People's Bank...

Indian Crypto Exchange, Pluto, Pulls An Exit Scam on Investors; Making Off With $270K

A Delhi-based crypto exchange, Pluto, has allegedly exit scammed and stolen about $270,000 worth from 43 investors. The local reports suggested that the Economic...

Bitcoin Mining Legalized in Venezuela But Being Centralized with National Digital Mining Pool

Venezuela has fully legalized bitcoin mining. According to a recent decree from the National Superintendency of Crypto Assets and Related Activities (SUNACRIP), the use,...

BitcoinExchangeGuide is a hyper-active daily crypto news portal with care in cultivating the cryptocurrency culture with community contributors who help rewrite the bold future of blockchain finance. Subscribe on Google News, see the mission, authors, editorial links policy, investment disclaimer, privacy policy. Got News? Contact us, we are human too. Note: nothing here is financial advice, do your own research thoroughly.

Start Using Crypto Today