Bitcoin Forum
Topic: SCAM - Blockchain.com & HackerOne.com didn't pay a major bug bounty & fixed bug.
TwitchySeal
October 18, 2019, 07:54:44 PM
Merited by BayAreaCoins (5)
 #21

Seems like this would be a good story for some of those clickbait crypto news sites.
DiamondCardz
October 18, 2019, 08:12:15 PM
Merited by BayAreaCoins (2)
 #22

Their handling of the situation is what I would generously class as a complete joke. Being able to get 2FA backup codes without proving you have access to a 2FA method makes about as much sense as being able to change the password on an account without knowledge of its existing password. It's ridiculous and a failure of basic security principles, and it's pretty worrying that a "military-grade" exchange made such a basic error. If they're making basic security errors like that then they have clearly invested very little in reviewing their security practices, which is completely antithetical to claiming that your security is top-notch.

Shame on them.


 
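The control the posts above say was missing, shown as an added example that is not part of the thread or of any site's code: a backup-code handler that accepts any logged-in session, beside one that requires a recent second-factor proof (step-up authentication). The account data, the function names and the 300-second freshness window are assumptions made for illustration.

```python
from __future__ import annotations
import hashlib, hmac, struct
from dataclasses import dataclass

STEP_UP_WINDOW = 300  # seconds a second-factor proof stays fresh (assumed policy)

# Constructed sample account; the secret and backup codes are made up.
USERS = {"alice": {"totp_secret": b"constructed-demo-secret",
                   "backup_codes": ["1111-2222", "3333-4444"]}}

@dataclass
class Session:
    user: str
    last_2fa_at: float | None = None  # when this session last proved a second factor

def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `now`."""
    mac = hmac.new(secret, struct.pack(">Q", int(now // step)), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_second_factor(session: Session, code: str, now: float) -> bool:
    """Record a fresh second-factor proof on the session if the code is valid."""
    expected = totp(USERS[session.user]["totp_secret"], now)
    if hmac.compare_digest(expected.encode(), code.encode()):
        session.last_2fa_at = now
        return True
    return False

def backup_codes_no_reauth(session: Session) -> list[str]:
    """Behaviour the posts describe: being logged in is enough to see the codes."""
    return USERS[session.user]["backup_codes"]

def backup_codes_step_up(session: Session, now: float) -> list[str]:
    """Hardened handler: refuse unless the second factor was proven recently."""
    fresh = (session.last_2fa_at is not None
             and 0 <= now - session.last_2fa_at <= STEP_UP_WINDOW)
    if not fresh:
        raise PermissionError("second-factor re-authentication required")
    return USERS[session.user]["backup_codes"]
```

A production handler would also rate-limit verification attempts and reject a TOTP code that has already been used.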
BayAreaCoins
October 20, 2019, 02:59:16 AM
Last edit: October 20, 2019, 03:17:51 AM by BayAreaCoins
 #23

My only update for today:



Please consider voting at https://www.reddit.com/r/Bitcoin/comments/djpg2m/bug_bounty_scam_blockchaincom_hackeronecom_didnt/

lugrugzo
October 29, 2019, 09:06:17 PM
 #24

I'm sorry but you act like r/ChoosingBeggars.
They clearly won't pay and even if they pay, the reason will be:

- F*ck, this guy talks so much, pay his shit and make him shut up.
BayAreaCoins
October 30, 2019, 05:02:20 AM
Last edit: October 30, 2019, 07:05:23 AM by BayAreaCoins
 #25

> I'm sorry but you act like r/ChoosingBeggars.

I'll live.  I'm not begging.  No need to apologize.  I treated this exactly how I would want my website to be treated as well.

I just think it's wild to claim military security and have 2fa backups dump without reauthenticating.  Then on top of that claim that is how it's supposed to function.  Then offer $50 but demand personal information.  It's just an experience that needs to be documented IMO.  That's worth far more than the $6,000 cap on bug bounties.

> They clearly won't pay and even if they pay, the reason will be:
>
> - F*ck, this guy talks so much, pay his shit and make him shut up.

How about:

- Hey, this guy found a major flaw in our securities logic that put our customers at risk that could/would result in coins being lost & customers possibly physically hurt. We fixed it asap. Our bug bounty says $2,000-$6,000. Let's do what we say we will do.

Not:

- Uhhh the feature performs as intended.
(1 day later)
- Actually we fixed it because we already knew about it and Google does it this way too.  (Google does not)
- Here is $50 for trying so hard, but... we need all your personal info to pay you $50 or you get jack shit!  Welcome to the Bitcoin community, thanks for making our website and community more strong... let us know if you see anything else! *an heros  Roll Eyes*

I just can't stand getting fed bullshit & lies.  Please don't confuse my bitching as begging.  End of the day, I would have given them this for free... I just dislike the deceptive bullshit.

TwitchySeal
October 30, 2019, 11:31:25 PM
 #26

> I'm sorry but you act like r/ChoosingBeggars.
> They clearly won't pay and even if they pay, the reason will be:
>
> - F*ck, this guy talks so much, pay his shit and make him shut up.


If you just skimmed the OP and thread I can see how you would think that.  You're wrong though.

It doesn't matter how obvious or easy to fix a bug is.  It only matters how critical it is.

The fact the bug existed and the way it was handled is a pretty big deal imo. 

BayAreaCoins
November 15, 2019, 03:46:08 PM
 #27

Bump.

Still demanding sensitive personal information for a $50 payment in BTC on a critical bug that would have resulted in user funds being lost.
