Bitcoin Forum

Other => Beginners & Help => Topic started by: WellRozey on December 24, 2022, 04:23:34 PM



Title: All in the name of "we are sorry we got hacked"
Post by: WellRozey on December 24, 2022, 04:23:34 PM
I noticed that new projects these days are not using bug bounty hunters to see how strong their security 🔐 is. It's not because they don't have the money; they raised millions and don't care.

It looks like getting hacked is a big excuse to rob people's money. They can easily blame it on a hack and say 'we are sorry we got hacked', whereas they pray for it or have it in mind to hack themselves.

I read somewhere that some bug bounty hunters find bugs for a few new projects that could have messed up the funds, but the project teams do not compensate them and ignore the bounty hunters. It's like saying 'who told you to find a bug?'.

It seems we need to take this seriously: any project that doesn't open the door for legit hackers (bug hunters) to test-run their security or system, and claims to be safuu, is really not.


Title: Re: All in the name of "we are sorry we got hacked"
Post by: dimonstration on December 24, 2022, 04:28:51 PM
Most projects launch alpha and beta tests to explore all the bugs in the project code. The typical bug bounty campaign here in the forum is already not that popular, since projects usually launch this test program on their own channel and not through the forum. They are using Discord for a more organized way to distribute information to all the testers.

Besides, there are also some audit companies that review the smart contracts of projects and specialize in finding exploits in the code, aside from the alpha and beta testers' results.


Title: Re: All in the name of "we are sorry we got hacked"
Post by: Mpamaegbu on December 24, 2022, 05:26:22 PM
It looks like getting hacked is a big excuse to rob people's money. They can easily blame it on a hack and say 'we are sorry we got hacked', whereas they pray for it or have it in mind to hack themselves.
I'm almost running into the conclusion that such is becoming the pattern now. They expect investors who've invested money in their sham projects to show sympathy once that excuse is made. As soon as that's achieved the projects buy time with that excuse and make their escape plans before the bewildered investors realize what's happening. Investors have really suffered in this space and I guess it's largely due to the fact that it's not yet regulated. I believe that if there's regulation, so many of these abnormalities will disappear overnight.


Title: Re: All in the name of "we are sorry we got hacked"
Post by: BIT-BENDER on December 24, 2022, 05:39:17 PM
You could be right; there is no scheme new projects don't use these days to get away with so much nonsense, but I don't know how someone could pull a hack on themselves all in the name of faking it.

Well, it may be possible since they are new projects and so much attention isn't placed on them. Even though some of them raise huge money, they still have more of the less experienced members in their community, who just cry out about the situation and that is it. Personally, I stay away from new projects.


Title: Re: All in the name of "we are sorry we got hacked"
Post by: boyptc on December 24, 2022, 06:18:47 PM
The biggest tech companies have their own bug bounty programs. That's what the new projects must consider first if they're serious about what they're working on.

In other companies, it's not really given priority because they think that they won't be targeted by any hacker.

But in the real world today, you never know who your enemy is that might attack your project, and that's why I understand and agree with what OP is bringing up in this topic.


Title: Re: All in the name of "we are sorry we got hacked"
Post by: AverageGlabella on December 24, 2022, 06:24:28 PM
It is hard to prove, and that is why most projects use this excuse, but the truth is that hacking is extremely rare and most of the world's population would not be able to get through basic security. I think what the altcoins forget is that hackers only hack if they can benefit from it, so hacking a worthless project does not make sense and increases the risk that they get caught.


Title: Re: All in the name of "we are sorry we got hacked"
Post by: Taskford on December 24, 2022, 06:36:39 PM
I noticed that new projects these days are not using bug bounty hunters to see how strong their security 🔐 is. It's not because they don't have the money; they raised millions and don't care.

It looks like getting hacked is a big excuse to rob people's money. They can easily blame it on a hack and say 'we are sorry we got hacked', whereas they pray for it or have it in mind to hack themselves.

I read somewhere that some bug bounty hunters find bugs for a few new projects that could have messed up the funds, but the project teams do not compensate them and ignore the bounty hunters. It's like saying 'who told you to find a bug?'.

It seems we need to take this seriously: any project that doesn't open the door for legit hackers (bug hunters) to test-run their security or system, and claims to be safuu, is really not.

If there's a hack on a big platform which conducts such activities here in the forum, maybe we can conclude that they are really using that to create an excuse. But the way I see it in the service section, where there is a bug bounty campaign open, it is mostly a new platform testing how tight its security is. But maybe some long-existing platforms really do this too, so we need to be aware of that to avoid getting hacked or robbed by scams.


Title: Re: All in the name of "we are sorry we got hacked"
Post by: AverageGlabella on December 24, 2022, 06:38:32 PM
I noticed that new projects these days are not using bug bounty hunters to see how strong their security 🔐 is. It's not because they don't have the money; they raised millions and don't care.

It looks like getting hacked is a big excuse to rob people's money. They can easily blame it on a hack and say 'we are sorry we got hacked', whereas they pray for it or have it in mind to hack themselves.

I read somewhere that some bug bounty hunters find bugs for a few new projects that could have messed up the funds, but the project teams do not compensate them and ignore the bounty hunters. It's like saying 'who told you to find a bug?'.

It seems we need to take this seriously: any project that doesn't open the door for legit hackers (bug hunters) to test-run their security or system, and claims to be safuu, is really not.

If there's a hack on a big platform which conducts such activities here in the forum, maybe we can conclude that they are really using that to create an excuse. But the way I see it in the service section, where there is a bug bounty campaign open, it is mostly a new platform testing how tight its security is. But maybe some long-existing platforms really do this too, so we need to be aware of that to avoid getting hacked or robbed by scams.
Cannot conclude anything without proof, and since some of them might have been hacked it would require an investigation for every project that claims to be hacked. It should be up to the platforms to prove that they have been hacked, but even then that would be difficult because you would probably need a third party that is not biased to investigate.


Title: Re: All in the name of "we are sorry we got hacked"
Post by: Obari on December 24, 2022, 08:17:29 PM
Firstly, before bouncing on a project, one ought to be certain of what they're about to get into, and that's why it is always advised to do your own research [DYOR], no matter the source the information is coming from.
I don't disagree with you, not at all, and this accusation is actually worth looking into because I see no reason why a company wouldn't appreciate the effort of some bug hunters but rather take them for granted after doing a nice job and fishing out some security threats.
For most of these projects, if they crash or a case of hacking is reported, the founders of the projects should be held responsible and not be let go scot-free.


Title: Re: All in the name of "we are sorry we got hacked"
Post by: Dunamisx on December 24, 2022, 10:23:35 PM
As long as you keep using a centralized exchange this kind of worrying words will be common such as "am sorry" to gamblers because that's what they will always do but after the whole scam involved some will still keep them under their choicest all because they are new or they need more helping hands for clearer understanding, dealing with what will definitely cost us need not be begin.


Title: Re: All in the name of "we are sorry we got hacked"
Post by: jackg on December 24, 2022, 10:45:38 PM
It's an easy excuse for anyone - if it's decentralised it's much easier to verify the attack happened (but not if the attack was an inside job).

Many bug bounty hunters expect to be paid well, and for good reason. A lot of projects are fairly secure and a lot of devs underestimate how easy a vulnerability is to spot (generally, if one person can spot it, more likely will and some might be less forgiving). A lot of the time, pressure can be put on the dev team to fix something by giving them a limit for exposing the vulnerability publicly but you might be even less likely to receive a bounty then.

Most of these sorts of attacks do tend to be inside jobs though that are coordinated - there are some hacks that have looked more legit but in a deflationary economy, there's always a way an attack can benefit the exchange/service more than the individual (such as by paying fiat values).


Title: Re: All in the name of "we are sorry we got hacked"
Post by: Despairo on December 25, 2022, 03:34:36 AM
And you need to know that phenomenon is only found on new projects, but there are a lot of big and popular projects that still do that, e.g. centralized exchanges. I wouldn't need to mention the exchanges that have already collapsed; the one which still exists, e.g. Binance, is also a complete liar since they offer SAFU and they have very high security. But they have already been hacked twice in the past; that doesn't make me think Binance has very high security.

Also the SAFU or insured funds aren't transparent, they could say they only have $1, after all it's still SAFU lol.


Title: Re: All in the name of "we are sorry we got hacked"
Post by: Eureka_07 on December 25, 2022, 04:19:29 AM
<snip>
Some of these are true, and maybe most are lies. Well, sometimes it is enough reason to take investors' money away. But sometimes it is not. They should have the responsibility to compensate the lost money of their users, as it was their fault... they allowed themselves to be vulnerable to such an attack.

Let's be reminded to be more careful where we invest our money. Be picky!


Title: Re: All in the name of "we are sorry we got hacked"
Post by: lovesmayfamilis on December 25, 2022, 06:21:43 AM

For most of these projects, if they crash or a case of hacking is reported, the founders of the projects should be held responsible and not be let go scot-free.

What are you talking about? What punishments? Check how many scams have been created in the last five years. How many of you know those who were punished? Precisely because all these projects hide behind anonymity, relying on the idea of Bitcoin, there will be a huge number of scammers.
Smart bounty hunters who show errors may realize that it is not worth advertising this or that project. Furthermore, you should not advertise all new projects because nothing new can be created. Everyone repeats each other, only partially changing some things.
But people are naive, and this is their right; they do not believe in Bitcoin, but they are waiting for big pluses, which, as we know, very often turn into huge minuses.


Title: Re: All in the name of "we are sorry we got hacked"
Post by: Peanutswar on December 25, 2022, 06:51:47 AM
What kind of project, to be specific? Before a project release, they make sure that the developer has a QA too, which tries to penetrate the system itself to see if the code is already concrete and there are no open vulnerabilities. That's the reason why it's not ideal to store your assets in a centralized wallet, because you don't have the full authority to make a withdrawal with those funds. Instead, if those projects really have a budget, they will hire a professional in that field, like white hackers, to make sure of the security; if they don't care about this, be doubtful of it already. If you are a hunter and are just paid a small amount and you see a breach, I guess there's a possibility you change your mind tho. Take care with the projects and filter them out.


Title: Re: All in the name of "we are sorry we got hacked"
Post by: lionheart78 on December 25, 2022, 07:59:16 AM
As long as you keep using a centralized exchange this kind of worrying words will be common such as "am sorry" to gamblers because that's what they will always do but after the whole scam involved some will still keep them under their choicest all because they are new or they need more helping hands for clearer understanding, dealing with what will definitely cost us need not be begin.

I do not understand why there is mention of exchanges here. As far as I know, the discussion is about newly launched projects that failed to do, or intended not to do, a bug bounty so that they have an excuse to run with the investors' money. This is another reason why regulation for start-ups is badly needed. Those projects that collected huge amounts of money and failed to secure it should be punished anyway. They should serve as an example so that upcoming projects will take all matters seriously.

What kind of project, to be specific? Before a project release, they make sure that the developer has a QA too, which tries to penetrate the system itself to see if the code is already concrete and there are no open vulnerabilities. That's the reason why it's not ideal to store your assets in a centralized wallet, because you don't have the full authority to make a withdrawal with those funds. Instead, if those projects really have a budget, they will hire a professional in that field, like white hackers, to make sure of the security; if they don't care about this, be doubtful of it already. If you are a hunter and are just paid a small amount and you see a breach, I guess there's a possibility you change your mind tho. Take care with the projects and filter them out.

If there are no vulnerabilities, then why are projects getting hacked? Are you saying these hacks are inside jobs?



Title: Re: All in the name of "we are sorry we got hacked"
Post by: Cookdata on December 25, 2022, 11:24:09 AM
I noticed that new projects these days are not using bug bounty hunters to see how strong their security 🔐 is. It's not because they don't have the money; they raised millions and don't care.

It looks like getting hacked is a big excuse to rob people's money. They can easily blame it on a hack and say 'we are sorry we got hacked', whereas they pray for it or have it in mind to hack themselves.

I read somewhere that some bug bounty hunters find bugs for a few new projects that could have messed up the funds, but the project teams do not compensate them and ignore the bounty hunters. It's like saying 'who told you to find a bug?'.

It seems we need to take this seriously: any project that doesn't open the door for legit hackers (bug hunters) to test-run their security or system, and claims to be safuu, is really not.

It is because of all these kinds of stories that I avoid projects. They are some investors' favourites, but to me the fastest and easiest way to lose money in crypto is through alt projects. The team usually comprises lazy developers who contribute little or nothing to GitHub, with a lack of updates for the community and inadequate audits. As soon as they receive their portion of allocations, they sell almost all of it and will later abandon the project and move to a new one, abusing decentralization to milk people's money.

You see those hacks we often see in the news? I don't believe them. They are more often than not insider work, especially in situations when teams are no longer on good terms. I wouldn't buy the story that keys worth millions held by the team were compromised, or that it was a bug from their own mistakes. They don't care, trust me when I say so.


Title: Re: All in the name of "we are sorry we got hacked"
Post by: Outhue on December 25, 2022, 11:50:28 AM
You could be right. If good projects, aka exchanges, find themselves in such a mess unexpectedly, they can easily put all the blame on the hacker instead of blaming themselves for poor security, just to avoid reimbursement.

The fact I know about most hacks is that they are inside jobs, might not be all of them but most times it's someone on the inside.


Title: Re: All in the name of "we are sorry we got hacked"
Post by: Lucius on December 26, 2022, 04:14:27 PM
~snip~
It looks like getting hacked is a big excuse to rob people's money. They can easily blame it on a hack and say 'we are sorry we got hacked', whereas they pray for it or have it in mind to hack themselves.

That is one of the possibilities, and I am sure that there are those who falsely hack themselves in order to end up being victims, who then the majority will not accuse of having stolen their money. Playing on human sympathy is a powerful card, especially nowadays when there are very efficient ways of manipulating information.

99% of all those projects are doomed anyway and I don't understand how naive you have to be to think that you will be happy and find that 1% that might be successful. I would rather give that money to humanitarian purposes or feed the pigeons, which certainly makes a lot more sense.


Title: Re: All in the name of "we are sorry we got hacked"
Post by: capedbaldy on December 26, 2022, 04:41:20 PM
That is one of the possibilities, and I am sure that there are those who falsely hack themselves in order to end up being victims, who then the majority will not accuse of having stolen their money. Playing on human sympathy is a powerful card, especially nowadays when there are very efficient ways of manipulating information.
Scam project cases from the category of alleged hacking occur a lot, and the team tries to cover up their real identity (if they used their real identity in the whitepaper) to run away and remove traces of Twitter profile links, LinkedIn and others. Unfortunately, even though the project can be proven to be a fraud case, they don't report that case because crypto regulations are illegal status of every country, so that case will be ignored. The scam scheme of a hacking case will never go away; even top projects will also experience the same case.


Title: Re: All in the name of "we are sorry we got hacked"
Post by: Taskford on December 27, 2022, 10:21:02 AM
I noticed that new projects these days are not using bug bounty hunters to see how strong their security 🔐 is. It's not because they don't have the money; they raised millions and don't care.

It looks like getting hacked is a big excuse to rob people's money. They can easily blame it on a hack and say 'we are sorry we got hacked', whereas they pray for it or have it in mind to hack themselves.

I read somewhere that some bug bounty hunters find bugs for a few new projects that could have messed up the funds, but the project teams do not compensate them and ignore the bounty hunters. It's like saying 'who told you to find a bug?'.

It seems we need to take this seriously: any project that doesn't open the door for legit hackers (bug hunters) to test-run their security or system, and claims to be safuu, is really not.

If there's a hack on a big platform which conducts such activities here in the forum, maybe we can conclude that they are really using that to create an excuse. But the way I see it in the service section, where there is a bug bounty campaign open, it is mostly a new platform testing how tight its security is. But maybe some long-existing platforms really do this too, so we need to be aware of that to avoid getting hacked or robbed by scams.
Cannot conclude anything without proof, and since some of them might have been hacked it would require an investigation for every project that claims to be hacked. It should be up to the platforms to prove that they have been hacked, but even then that would be difficult because you would probably need a third party that is not biased to investigate.
Yeah, also for sure those people who participate in those activities conducted by the platform before they get hacked will possibly leak information about a possible inside job. But none of this happens, and I think there's no such thing used as an excuse; those platforms that became scams just planned it without giving a hint.

So from experience, we see it is much better for anyone to not trust any platform, especially when deciding to store some huge amount of money there.


Title: Re: All in the name of "we are sorry we got hacked"
Post by: CageMabok on December 28, 2022, 05:43:05 AM
Scam project cases from the category of alleged hacking occur a lot, and the team tries to cover up their real identity (if they used their real identity in the whitepaper) to run away and remove traces of Twitter profile links, LinkedIn and others. Unfortunately, even though the project can be proven to be a fraud case, they don't report that case because crypto regulations are illegal status of every country, so that case will be ignored. The scam scheme of a hacking case will never go away; even top projects will also experience the same case.
I once thought that a fraudulent project was a program deliberately planned by a group of people or, in other words, a project team. So there is also logic if they try to cover up their real identities from the public so that they are not easily found when they have stolen other people's money in any way. And for the hacking problem, I see it as a crime that is different from the fraudulent projects in crypto, even though the problem of hacking has also been very common in the crypto space in recent years.


Title: Re: All in the name of "we are sorry we got hacked"
Post by: EarnOnVictor on December 28, 2022, 08:31:05 AM
This is a very good reason to be sure of where you are sending your money, it's always about trust. The claim of the OP is so genuine, and one of the reasons why I would always clamour for more regulation in the crypto space despite many people not thinking towards that direction. There are legit scams, and this pattern would not stop if there are no strict independent experts and government overseers that would put an end to such criminal activities. This could be peculiar to the centralized companies alone, it doesn't matter.

Many people had been legally and illegally scammed in the name of crypto, I only trust a few decentralized wallets, nothing else.


Title: Re: All in the name of "we are sorry we got hacked"
Post by: romeitaly on January 09, 2023, 01:35:11 AM
I noticed that new projects these days are not using bug bounty hunters to see how strong their security 🔐 is. It's not because they don't have the money; they raised millions and don't care.

It looks like getting hacked is a big excuse to rob people's money. They can easily blame it on a hack and say 'we are sorry we got hacked', whereas they pray for it or have it in mind to hack themselves.

I read somewhere that some bug bounty hunters find bugs for a few new projects that could have messed up the funds, but the project teams do not compensate them and ignore the bounty hunters. It's like saying 'who told you to find a bug?'.

It seems we need to take this seriously: any project that doesn't open the door for legit hackers (bug hunters) to test-run their security or system, and claims to be safuu, is really not.

I think the investors should get their refunds at the main head of that website. What if they only say "they get hacked" but the truth is, they robbed it or something? You guys always take care of your investment in your very trusted deserve to invest.