htsy585 (OP)
|
|
December 02, 2019, 11:29:14 PM |
|
Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?
|
|
|
|
asriloni
Legendary
Offline
Activity: 3150
Merit: 1032
Leading Crypto Sports Betting & Casino Platform
|
|
December 02, 2019, 11:38:22 PM |
|
To discover the vulnerability is not easy as you said, not so many experts wanna participate in this campaign. Binance was doing bug bounty before it has stolen by the hackers. The effectiveness of the bug bounty still become the main question right now. You can see sometimes, the fault was coming from the internal of the exchange site itself, and I meant about a lot of scenario could happen anytime, especially for the insider job. In that case, the bug bounty will not help a lot. I believe if the majority of those exchange sites are ever getting hacked have done the bug bounty program.
|
..Stake.com.. | | | ▄████████████████████████████████████▄ ██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄ ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████ ██ ██████████ ██ ██ ██████████ ██ ▀██▀ ██ ██ ██ ██████ ██ ██ ██ ██ ██ ██ ██████ ██ █████ ███ ██████ ██ ████▄ ██ ██ █████ ███ ████ ████ █████ ███ ████████ ██ ████ ████ ██████████ ████ ████ ████▀ ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██ ██ ▀▀▀▀▀▀▀▀▀▀ ██ ▀█████████▀ ▄████████████▄ ▀█████████▀ ▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄ ██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▀▄ █▀▀█▀▄▄ █ █▀█ █ ▐ ▐▌ █ ▄██▄ █ ▌ █ █ ▄██████▄ █ ▌ ▐▌ █ ██████████ █ ▐ █ █ ▐██████████▌ █ ▐ ▐▌ █ ▀▀██████▀▀ █ ▌ █ █ ▄▄▄██▄▄▄ █ ▌▐▌ █ █▐ █ █ █▐▐▌ █ █▐█ ▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄ ▄██▀▀▀▀█████▀▀▀▀██▄ ▄█▀ ▐█▌ ▀█▄ ██ ▐█▌ ██ ████▄ ▄█████▄ ▄████ ████████▄███████████▄████████ ███▀ █████████████ ▀███ ██ ███████████ ██ ▀█▄ █████████ ▄█▀ ▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀ ▀███████ ███████▀ ▀█████▄ ▄█████▀ ▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
CjMapope
Legendary
Offline
Activity: 1820
Merit: 1092
~Full-Time Minter since 2016~
|
|
December 03, 2019, 12:23:42 AM |
|
Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?
i think thats a great idea i have made some money bug hunting, its a completly viable career for blockchain enthusiaists imo. Hacks are the single biggest loss of crypto by far In fact, last year Coinbase added a bug bounty on HackerOne, and AFAIK, they have paid out 10's of thousands for reported vulns since :O I havent found any myself, but maybe one day haha
|
~Got this girl in my bed, a roof over my head, i mint a couple coins a week, and thats how i make bread~ ~On the 12th day of Hatzvah, OGminer said to me: "compute root of the merkle hash tree!"~ Prohashing -- Simply the best Multipool!
|
|
|
DarkDays
Legendary
Offline
Activity: 2030
Merit: 1189
|
The vast majority of exchanges already have lucrative bug bounties. They also have pentesters, security experts and more that are involved in ensuring there are no vulnerabilities.
However, if you actually look at how most exchanges are compromised, it is actually the rest of a high level employee account being subverted, which gives them some control over the hot wallets.
Alternatively, it's often an inside job, where money is snatched at the moment it becomes most vulnerable. These are not things you can really protect against if you want the exchange to have any reasonable withdrawal timeframe.
|
|
|
|
Republikcoin.com
Legendary
Offline
Activity: 2884
Merit: 1103
Leading Crypto Sports Betting & Casino Platform
|
|
December 03, 2019, 12:45:06 AM |
|
besides, I think they have a team to look at the vulnerabilities that occur in an exchanger development. I don't think they will be half-formed in forming a team. other than that, I am pretty sure that the exchanger that currently exists is quite confident in their defense system. Well, but for some new exchangers, I think doing this is worth it. more programmers looking for a bug are better than some people.
|
..Stake.com.. | | | ▄████████████████████████████████████▄ ██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄ ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████ ██ ██████████ ██ ██ ██████████ ██ ▀██▀ ██ ██ ██ ██████ ██ ██ ██ ██ ██ ██ ██████ ██ █████ ███ ██████ ██ ████▄ ██ ██ █████ ███ ████ ████ █████ ███ ████████ ██ ████ ████ ██████████ ████ ████ ████▀ ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██ ██ ▀▀▀▀▀▀▀▀▀▀ ██ ▀█████████▀ ▄████████████▄ ▀█████████▀ ▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄ ██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▀▄ █▀▀█▀▄▄ █ █▀█ █ ▐ ▐▌ █ ▄██▄ █ ▌ █ █ ▄██████▄ █ ▌ ▐▌ █ ██████████ █ ▐ █ █ ▐██████████▌ █ ▐ ▐▌ █ ▀▀██████▀▀ █ ▌ █ █ ▄▄▄██▄▄▄ █ ▌▐▌ █ █▐ █ █ █▐▐▌ █ █▐█ ▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄ ▄██▀▀▀▀█████▀▀▀▀██▄ ▄█▀ ▐█▌ ▀█▄ ██ ▐█▌ ██ ████▄ ▄█████▄ ▄████ ████████▄███████████▄████████ ███▀ █████████████ ▀███ ██ ███████████ ██ ▀█▄ █████████ ▄█▀ ▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀ ▀███████ ███████▀ ▀█████▄ ▄█████▀ ▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
Aabcde
|
|
December 03, 2019, 01:20:36 AM |
|
Maybe this is also a good idea to reduce the hack that happened lately. But if we look at it, it could be that hacking is a drama by the exchange itself. Because how is it possible for a large exchange that runs millions of dollars to be hacked easily except just an insider game. It's like they didn't have any preparation when suddenly hacked.
|
|
|
|
nreal
Full Member
Offline
Activity: 932
Merit: 100
arcs-chain.com
|
|
December 03, 2019, 02:50:28 AM |
|
Alot of exchanges have this program, Binance also has a bug bounty but it is still hacked. Therefore, these programs cannot completely solve the problem. Centralized exchanges will always be a big target for hackers, so they are never 100% secure
|
|
|
|
albrots
|
|
December 03, 2019, 03:45:36 AM |
|
Good idea and workable. Large exchanges such as binance may already have pentesters to test the security of their exchanges very well, but sometimes they also do Bug bounties so others can find the slightest gap and close it. The prize is indeed quite large. But sometimes Exchange continues to be hacked and successfully broken into because there are insiders who have a section on the exchange that gives bugs to others. As is the case recently, Upbit lost 324k ETH, but the hacker mode is unknown.
|
|
|
|
huu78
Sr. Member
Offline
Activity: 1204
Merit: 253
Undeads.com - P2E Runner Game
|
|
December 03, 2019, 03:52:50 AM |
|
If all the many who open a bug job bounty a programmer they would be in vain in their project. Not a bug problem to be able to hack like that. Because of their negligence as a programmer that is less than productive about maintaining the security of their systems. Not by opening their bug bounty into a solution so that no exchange is exposed to hackers anymore.
|
|
|
|
angrybirdy
|
|
December 03, 2019, 04:02:14 AM |
|
Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?
It would be a good idea, but there are still so many considerations needed for the exchanges before they implement things such this. If they see this, it is indeed that they would prefer to pay bounty hunters than to lose millions of dollars, it is also to prevent having a holes in their security.
|
|
|
|
MI6
|
|
December 03, 2019, 04:14:55 AM |
|
Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?
Usually when at first they open exchange, they will held bug bounty too. But like i see on someone's post above me, maybe big exchange already confident with their security system and maybe that is what hacker use as advantage. Don't know actually what hacker do with site's security system but maybe that is what actually happen.
|
|
|
|
bassbity
|
|
December 03, 2019, 04:23:26 AM |
|
Yes this is a very good idea if this is in the campaign right then I'm sure people will look for the BUG loophole to win the race with huge rewards, but it's rarely done in large exchanges it is better they do it themselves and when there are hackers they have to take responsibility like Upbit they are ready the responsibility of the funds affected by hackers.
|
|
|
|
Furryball
Member
Offline
Activity: 490
Merit: 19
|
|
December 03, 2019, 04:25:59 AM |
|
Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?
Brilliant idea but not all of them will want to do it, actually if they can't its still not a problem, they can keep upgrading their security every month doing this will make things very hard for hackers
|
|
|
|
mR.k0fka
Member
Offline
Activity: 210
Merit: 10
|
|
December 03, 2019, 04:37:39 AM |
|
Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?
its a good idea however it will not stop =/ the game of security is very hard, and probably the hackers are governments like china or korea they have a lot of power and nothing can stop them
|
|
|
|
Sithara007
Legendary
Offline
Activity: 3332
Merit: 1352
Leading Crypto Sports Betting & Casino Platform
|
|
December 03, 2019, 04:38:33 AM |
|
Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?
Well.. there is a catch. When an exchange gets hacked, they are not losing their own money. Most of the funds that get stolen belongs to the users. And that is also one of the reasons why the exchanges are somewhat complacent with the hacks. On the other hand, if they distribute the bu bounty, then the amount has to come from their own funds. And that is the problem. Not many of the exchange owners will be willing to spend their own money, in order to identify and eliminate the bugs.
|
|
|
|
..Stake.com.. | | | ▄████████████████████████████████████▄ ██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄ ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████ ██ ██████████ ██ ██ ██████████ ██ ▀██▀ ██ ██ ██ ██████ ██ ██ ██ ██ ██ ██ ██████ ██ █████ ███ ██████ ██ ████▄ ██ ██ █████ ███ ████ ████ █████ ███ ████████ ██ ████ ████ ██████████ ████ ████ ████▀ ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██ ██ ▀▀▀▀▀▀▀▀▀▀ ██ ▀█████████▀ ▄████████████▄ ▀█████████▀ ▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄ ██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▀▄ █▀▀█▀▄▄ █ █▀█ █ ▐ ▐▌ █ ▄██▄ █ ▌ █ █ ▄██████▄ █ ▌ ▐▌ █ ██████████ █ ▐ █ █ ▐██████████▌ █ ▐ ▐▌ █ ▀▀██████▀▀ █ ▌ █ █ ▄▄▄██▄▄▄ █ ▌▐▌ █ █▐ █ █ █▐▐▌ █ █▐█ ▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄ ▄██▀▀▀▀█████▀▀▀▀██▄ ▄█▀ ▐█▌ ▀█▄ ██ ▐█▌ ██ ████▄ ▄█████▄ ▄████ ████████▄███████████▄████████ ███▀ █████████████ ▀███ ██ ███████████ ██ ▀█▄ █████████ ▄█▀ ▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀ ▀███████ ███████▀ ▀█████▄ ▄█████▀ ▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
AVATAR & PERSONAL TEXT Leading Crypto Sports Betting & Casino Platform Feel free to drop your doubts bellow Report to moderator ♠ ♥ ♣ ♦ ▬▬▬ ▬ Stake.com / Play Smarter ▬ ▬▬▬ ♠ ♥ ♣ ♦ ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬ L E A D I N G C R Y P T O C A S I N O & S P O R T S B E T T I N G Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here. Strongkored Legendary * Online Online Activity: 2072 Merit: 1061 View Profile Personal Message (Online) Trust: +0 / =0 / -0 Ignore Re: [OPEN]Stake.com NEW SIGNATURE CAMPAIGN l NEW PAYRATES l HERO & LEG ONLY May 31, 2022, 08:28:59 AM Reply with quote +Merit #2 Bitcointalk Username: strongkored Profile Link: https://bitcointalk.org/index.php?action=profile;u=640554Post Count: 5040 Forum Rank: Legendary Are you able to wear our Signature, Avatar & Personal Text? will wear upon receipt Stake
|
|
|
VanDeinsberg12
|
|
December 03, 2019, 04:51:22 AM |
|
Alot of exchanges have this program, Binance also has a bug bounty but it is still hacked. Therefore, these programs cannot completely solve the problem. Centralized exchanges will always be a big target for hackers, so they are never 100% secure
Especially when we are talking about the codes and there were so many possibilities to the new vulnerabilities will be discovered by the hackers. That's why to put more funds to hire more experts to maintain the security anytime is much better (this will cost a lot of money) The problem in the centralized exchange site was on its security. When it was not maintaining its security properly and there will be a lot of chance the vulnerabilities can be easily discovered. Bug bounty is not a way to prevent but that is an additional way to get help from others to maintain the security of the exchange site itself.
|
.......[url]CHOOSE LIFE ♦ CHOOSE SPACE ♦ CHOOSE FRIENDS...........[URL].....► C O M I N G S O O N..... |
|
|
|
Zeke_23
|
|
December 03, 2019, 05:02:06 AM |
|
Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?
its a good idea however it will not stop =/ the game of security is very hard, and probably the hackers are governments like china or korea they have a lot of power and nothing can stop them What do you mean by it will not stop? The hacking? I think if this will be implemented, it will at least prevent t he exchange for becoming a victim of hacking. We can't assume that the government is involved in here, it is hard to tell if there will be no proof to provide.
|
| AMEPAY | | | | | | ▄▄█████████▄▄ ▄█████████████████▄ ▄█████████████████████▄ ▄█████████▀▀▄▀▀█████████▄ ▄████████▄▄█▀ ▀█▄▄████████▄ ████████ ▀▀█▄██▀▀▄████████ ████████ █ ▄ █ ▄▀▀▄████████ ████████ █ █ █ ▄▀▀▄████████ ▀█████████▄█ █ ▄██████████▀ ▀████████ ▀▀▀ ████████▀ ▀█████████████████████▀ ▀█████████████████▀ ▀▀█████████▀▀ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | │▌ | AME TRADE HERE
▄██████▄ ▀██████▄ █████████ ▀█████ ███████▀ ▀███ ██████▀ ▄█▄ ▀██ ██████▄ ▀█▀ ▄██ ███████▄ ▄███ █████████ ▄█████ ▀██████▀ ▄██████▀ | |
| │ | | AME TRADE HERE
▐███▄ ████▌ ▐██████████▄ █████████████ ████▌ █████ ▐████ ▄████ ██████████▀ ▀█████▀▀ | |
| ▐│ | ▄▄█████████▄▄ ▄█████████████████▄ ▄█████████████████████▄ ▄█████████▀▀▄▀▀█████████▄ ▄████████▄▄█▀ ▀█▄▄████████▄ ████████ ▀▀█▄██▀▀▄████████ ████████ █ ▄ █ ▄▀▀▄████████ ████████ █ █ █ ▄▀▀▄████████ ▀█████████▄█ █ ▄██████████▀ ▀████████ ▀▀▀ ████████▀ ▀█████████████████████▀ ▀█████████████████▀ ▀▀█████████▀▀ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ |
|
|
|
Callanta787
|
|
December 03, 2019, 05:03:26 AM |
|
Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?
This is a good idea but this can't put a stop to hacks because hackers don't need to jailbreak the exchange security, all they have to do is have access to a exchange team account, the problem is not always the exchange security most time its through the teams or even inside job
|
|
|
|
masterrex
|
|
December 03, 2019, 05:03:44 AM |
|
Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?
I think it was a good idea and some of the cryptocurrency exchange has been doing that already, But sometimes our impressions might go wrong since there were some other theories that some of the hacking incident was just fruit of conspiracy from insiders. for me there were a lot of angles to be consider before making any conclusion.
|
|
|
|
Ucy
Sr. Member
Online
Activity: 2632
Merit: 403
Bisq is a Bitcoin Fiat Dex. Use responsibly
|
|
December 03, 2019, 05:46:11 AM |
|
I doubt the problem is about bug. If they want you hacked, you will be hacked. The main problem is weakness in centralized exchanges and centralizion of fund. The exchange funds should be controlled by multiple people atleast or the funds should not be stored on single or few addresses. Besides, the whole centralization thing should be considered strange in crypto world and discouraged... We tell them "You are on your own if you decide to go that route". So, everybody using centralized platforms in this space should be aware of the risks. There was a suggestion on the use of special withdrawal addresses controlled by multiple people for large funds. Once withdrawal is triggered, the funds are moved to the address and the owners can prove they own them and have their funds released. I wonder if this will work on centralized exchanges without problems
|
|
|
|
|