EOS Has Even More Vulnerabilities Than First Thought, Per HackerOne Blockchain Researchers
Blockchain researchers continue to find critical vulnerabilities in blockchain project EOS. The company behind EOS, Block.one, has already handed out $50,750 worth of bug bounties in the past five weeks, including five bounties labeled as “critical vulnerabilities”.
In January 2019 alone, Block.one closed eight vulnerability reports submitted by white hat hackers, giving away a total of $50,750 in bug bounties. Of those eight bug bounties, five qualified as “critical vulnerabilities”. Researchers who discover a critical vulnerability are awarded a bounty of $10,000 in exchange for their work.
All of this drama continues to occur with EOS months after its problematic launch. In the months following the launch of EOS in May 2018, Block.one awarded over $500,000 in bug bounties. That accounted for more than 60% of all bug bounty rewards awarded by blockchain companies.
Crypto and blockchain researchers continue to find vulnerabilities in the popular blockchain network.
However, EOS isn’t the only one dealing with a sudden surge of bug issues. Several other major blockchain companies were also processing bug bounties throughout January. TRON and exchange service Robinhood, for example, each closed three bug reports. Cobinhood closed two bug reports. Monero, Electroneum, Coinbase, and Gatecoin also closed one bug report each in January.
All of this information comes from HackerOne, a breach disclosure platform. HackerOne discloses bug bounties awarded to various security researchers across the industry.
Blockchain Bug Bounties Remain a Small Segment of the Security Industry
It’s easy to be skeptical of blockchain technology based on all of these bug bounties over the past month. However, it’s important to note that blockchain only represented a small slice of all bug bounties claimed over the last month.
Of the 1,400 new bug reports submitted to HackerOne in January, only a handful came from the blockchain industry. In comparison, blockchain companies closed over 3,000 bug reports in 2018, earning security researchers a total of $900,000 in bug bounties.
It’s also important to note that HackerOne isn’t a comprehensive source of security breaches from across the industry. HackerOne features bug reports disclosed by security researchers. The real number of bugs in blockchain-based platforms – and other software industries – is much higher.
Should EOS Holders Be Worried?
Ultimately, EOS has had significant concerns since launch. Some have called them growing pains. Others see it as a major weakness. The truth is: EOS is one of the best-funded blockchain companies in the crypto space. They have a bug bounty program like this specifically to find vulnerabilities.
According to the latest report from HackerOne, that bug bounty program is working as intended. Security researchers have an incentive to find and disclose vulnerabilities within EOS instead of exploiting them.
Of course, it remains to be seen how many more EOS vulnerabilities are still undisclosed.