Bitcoin Forum
November 19, 2024, 06:16:33 AM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: « 1 [2] 3 »  All
  Print  
Author Topic: Can this Be The Solution To The Incessant Exchange hacks?  (Read 310 times)
piebeyb
Legendary
*
Online Online

Activity: 2464
Merit: 1039


Bitcoin Trader


View Profile WWW
December 03, 2019, 05:57:15 AM
 #21

I think this method can be used but unfortunately there are many exchanges that do not want to use bounty bugs like this because it costs too much, actually this can prevent hackers from getting loopholes, I also often find reports that there are some sites that still have gaps, but sometimes I also find it hard to believe that there is still a large stock market that was hacked like a dream

avikz
Legendary
*
Offline Offline

Activity: 3276
Merit: 1531



View Profile
December 03, 2019, 06:02:45 AM
 #22

Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?

Yes, that can be a viable option to fight hacking incidents. Basically it will reduce the possibility of hacking. But this is pre-hacking cautionary approach! It will drastically reduce the chance of becoming a fraud victim!

But hiw they will handle post hacking incidents? I think the approach taken by Binance is an effective solution to fight post-hacking situation! Every exchange should start keeping a certain percentage of their trading fees as a backup fund in case of a mishap just the way Binance keeps their SAFU fund! We have seen millions dollars worth of crypto hacks but the way Binance handled it, is commendable!

aioc
Hero Member
*****
Offline Offline

Activity: 3094
Merit: 578



View Profile
December 03, 2019, 06:16:30 AM
 #23

Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?

Some of the problems come from the negligence of the staff and not the script, organizing a bug bounty every month although costly, only bug exchanges can afford that big amount, and besides they already have their resident programmers to check everything is working.

drlukacs
Sr. Member
****
Offline Offline

Activity: 854
Merit: 253


l0tt0.com


View Profile
December 03, 2019, 06:43:33 AM
 #24

Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?
This idea is really bad. because instead of using bounty hunters with no knowledge of code knowledge or security system issues, we can use that $ 100k to hire good programmers to check it out. $ 100k is too much to spend every month. I guess the creators of the security systems are cheaper than this, so this is not a really good plan and it only benefits the cheaters.

|.
WHIRLWIND
|
█▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀█
        ▄▄▄██▀▀▀▀▀▄▄         █
     ▄▄██▀▀▄▄▀▀▀▀▀▄▄▄        █A
    ▄██▀▄██▀▄▀▀▀ ▄▄ ▄▄▄▄     █
   ███ ██▀▄▀     ▄▄▀▄▄ ▀█▄   █
  ███ ███ █        ▀▄ █▄ ██  █
  ███ ███ █         █ ██ ██  █
  ███ ███ █        ▄▀ █▀ ██  █
   ███ ██▄▀▄     ▀▀▄▀▀ ▄█▀   █
    ▀██▄▀██▄▀▄▄▄ ▀▀ ▀▀▀▀     █
     ▀▀██▄▄▀▀▄▄▄▄▄▀▀▀        █
        ▀▀▀██▄▄▄▄▄▀▀         █
█▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄█
|.
  No Fee    Ultimate Privacy  
|.
ANONYMITY
MINING CAMPAIGN
|.
MIX NOW
|
vanya.pronin.1983
Member
**
Offline Offline

Activity: 378
Merit: 10


View Profile
December 03, 2019, 07:28:38 AM
 #25

Bug bounty, hackatons and tons of other things are taking place almost every month on different exchanges, but the problem is that it has brought nothing till now. Look at Binance, they are doing such things very often, but got hacked anyway.
Byakuga
Member
**
Offline Offline

Activity: 518
Merit: 28


View Profile
December 03, 2019, 07:31:15 AM
 #26

Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?
Its not always the security itself, most times its the teams fault, they can get hacked and through their info hackers will have access to every cold store wallets on the exchange, i am expecting dex to be better in 2020 but we will see

▬▬▬▬▬▬▌   Vulcan Forged    ▐▬▬▬▬▬▬
▬▬▬▬▬▬▌    Telegram   ▌    Discord      ▌     Twitter      ▐▬▬▬▬▬▬
▬▬▬▬▬▬▬▬▬▬▬▬▬▬   DISCOVER   ▬▬▬▬▬▬▬▬▬▬▬▬▬▬
Kotone
Hero Member
*****
Offline Offline

Activity: 1372
Merit: 503


View Profile WWW
December 03, 2019, 07:31:57 AM
 #27

Can be but I think it's already been implemented by the huge exchanges. Not just it is so easy to find a bug out of a very big system. I presume these exchanges conducted already these and some of them are paying also huge money to their securities or personnel who managed their network security. Maybe for soms new projects they can launch bug bounty like this but for big players such as Binance, Kucoin, Okex and many exchanges. They can always hire or pay someone to ease the pain of hacking.

seoincorporation
Legendary
*
Offline Offline

Activity: 3346
Merit: 3125



View Profile
December 03, 2019, 04:25:07 PM
 #28

Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?

This isn't a new idea, some months ago Poloniex post a tweet about their bug bounty:

Quote
We do! We find it better to handle security reports via our HackerOne bug bounty program. You can easily create one on the hacker registration page: https://hackerone.com/users/sign_up. Please email poloniex-security-report@circle.com to get an invitation to our HackerOne bug bounty

Source: https://twitter.com/Poloniex/status/1163426618959978496

And if you found a bug in Coinbase, you can report it on this link: https://hackerone.com/coinbase

The issue here is the kind of hackers who find the bug, if it's a white hat hacker it will report the bug and get the bounty, but if the hacker is a black hat hacker then it will try to exploit the site.

▄▄███████▄▄
▄██████████████▄
▄██████████████████▄
▄████▀▀▀▀███▀▀▀▀█████▄
▄█████████████▄█▀████▄
███████████▄███████████
██████████▄█▀███████████
██████████▀████████████
▀█████▄█▀█████████████▀
▀████▄▄▄▄███▄▄▄▄████▀
▀██████████████████▀
▀███████████████▀
▀▀███████▀▀
.
 MΞTAWIN  THE FIRST WEB3 CASINO   
.
.. PLAY NOW ..
asus09
Sr. Member
****
Offline Offline

Activity: 1344
Merit: 270



View Profile
December 03, 2019, 04:38:53 PM
 #29

Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?
Good opinion by giving reward for every one can hacked some exchange market, but how come is an exchange playing drama by announce their exchange hacked but other way the owner become richest person, is available with his cases exchange market hacked, I think many drama every years with talk exchange hacked and give negative statement for the public.

.
Gamdom
15%.
CASHBACK
FOR THE FIRST
7 DAYS
██████████
██
██
██
██
██
██
██
██
██
██
██
██████████
█████████████████████████████████
.
█████████████████████████████████
██████████
██
██
██
██
██
██
██
██
██
██
██
██████████
▄██████████████████████████████▄
████████████████████████████████
█████▀▀████████▀▀████████▀▀█████    ▄▄▄▄
███ ▀▄▄▀ ████ ▀▄▄▀ ████ ▀▄▄▀ ███   ██████
████▀  ▀██████▀  ▀██████▀  ▀████   ▀████▀
████▄  ▄██████▄  ▄██████▄  ▄████     ██
████████████████████████████████     ██
████████████████████████████████     ██
██████████████████████████████████████▀
▀██████████████████████████████▀
     ██████████████████████
     ██████████████████████
████████████████████████████████
.
HIGH QUALITY CASINO
WITH MULTIPLE GAMES
████████
██
██
██
██
██
██
██
██
██
██
██
████████
██████████████████████████████████████████████
.
PLAY
.
██████████████████████████████████████████████
████████
██
██
██
██
██
██
██
██
██
██
██
████████
aemma
Copper Member
Member
**
Offline Offline

Activity: 966
Merit: 14


View Profile
December 03, 2019, 04:43:25 PM
 #30

Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward. Its better to pay $100k to bug hunters discovering vulnerabilities within the exchange than loosing over $40m in hacks just like Binance and Upbit. What do you guys think?

I think there is more to this hack of a thing than they tell us or than we know. Just like many have stated, it could be an insider job or it could be a drama just to enrich themselves more or it could also be real. However, your idea about bug bounty is good as it will expose many vulnerabilities owing to the fact developers likes being rewarded for their skills and expertise; but some bug bounties might be successful while some might be an avenue to leverage on the exchange weakness or bugs. On the other hand, hosting such at that amount might be a herculean task, and thus my own suggestion, keep your funds off exchanges there is no security of funds more than that.
duuuuude
Hero Member
*****
Offline Offline

Activity: 938
Merit: 500


View Profile
December 03, 2019, 04:57:31 PM
 #31

Larger companies with high turnover always have good defense and I still can't understand how hackers can gain access to the main hot wallet, this I have often the thought creeps in that there are unscrupulous exchange which, under the guise of hacking make a good profit.
BChydro
Hero Member
*****
Offline Offline

Activity: 1426
Merit: 506


View Profile
December 03, 2019, 05:01:42 PM
 #32

Hello friends I am of the opinion that exchanges should adopt the system of organising monthly bug bounty campaigns for their platforms with a juicy reward.
The exchanges have to take care of their security as the prime focus if not they will pay a big price and by giving a bounty to identify the bugs will not sort these hacks, you need to have a mandatory insurance for the funds held in any exchange and if that happens then the users will have the confidence to use the exchange and i hope with regulation these exchanges will take care of security if not they will have to face the consequences.
upyem2k
Jr. Member
*
Offline Offline

Activity: 448
Merit: 1


View Profile
December 05, 2019, 12:33:16 AM
 #33

Is this a joke or what? $100,000 every month and that makes $1,200,000 per annum just to hunters? I doubt any exchange market will do that. They will rather employ a tech guy mainly for that instead of paying such huge sum to hunters monthly.
TastyChillySauce00
Legendary
*
Offline Offline

Activity: 3178
Merit: 1038


Leading Crypto Sports Betting & Casino Platform


View Profile
December 05, 2019, 12:38:57 AM
 #34

Some popular exchanges already have this and for example binance. Try to look up their bug bounty program but the reality it doesn't work as expected because people have this thing called greediness and if they are wicked enough they will just prefer to use the security hole and steal the money rather than receiving the rewards which at this point can be considered pennies. You can't expect to hire some security expert and get done with it either because a security hole is really random.

..Stake.com..   ▄████████████████████████████████████▄
   ██ ▄▄▄▄▄▄▄▄▄▄            ▄▄▄▄▄▄▄▄▄▄ ██  ▄████▄
   ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██  ██████
   ██ ██████████ ██      ██ ██████████ ██   ▀██▀
   ██ ██      ██ ██████  ██ ██      ██ ██    ██
   ██ ██████  ██ █████  ███ ██████  ██ ████▄ ██
   ██ █████  ███ ████  ████ █████  ███ ████████
   ██ ████  ████ ██████████ ████  ████ ████▀
   ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
   ██            ▀▀▀▀▀▀▀▀▀▀            ██ 
   ▀█████████▀ ▄████████████▄ ▀█████████▀
  ▄▄▄▄▄▄▄▄▄▄▄▄███  ██  ██  ███▄▄▄▄▄▄▄▄▄▄▄▄
 ██████████████████████████████████████████
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█  ▄▀▄             █▀▀█▀▄▄
█  █▀█             █  ▐  ▐▌
█       ▄██▄       █  ▌  █
█     ▄██████▄     █  ▌ ▐▌
█    ██████████    █ ▐  █
█   ▐██████████▌   █ ▐ ▐▌
█    ▀▀██████▀▀    █ ▌ █
█     ▄▄▄██▄▄▄     █ ▌▐▌
█                  █▐ █
█                  █▐▐▌
█                  █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█
▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀       ▐█▌       ▀█▄
██         ▐█▌         ██
████▄     ▄█████▄     ▄████
████████▄███████████▄████████
███▀    █████████████    ▀███
██       ███████████       ██
▀█▄       █████████       ▄█▀
▀█▄    ▄██▀▀▀▀▀▀▀██▄  ▄▄▄█▀
▀███████         ███████▀
▀█████▄       ▄█████▀
▀▀▀███▄▄▄███▀▀▀
..PLAY NOW..
leowonderful
Legendary
*
Offline Offline

Activity: 1624
Merit: 1130


Bitcoin FTW!


View Profile
December 05, 2019, 12:40:06 AM
 #35


Yes, that can be a viable option to fight hacking incidents. Basically it will reduce the possibility of hacking. But this is pre-hacking cautionary approach! It will drastically reduce the chance of becoming a fraud victim!

But hiw they will handle post hacking incidents? I think the approach taken by Binance is an effective solution to fight post-hacking situation! Every exchange should start keeping a certain percentage of their trading fees as a backup fund in case of a mishap just the way Binance keeps their SAFU fund! We have seen millions dollars worth of crypto hacks but the way Binance handled it, is commendable!

I absolutely agree with this; hacks are possible on almost any exchange platform even with the most well-engineered security protocols especially with hacks where people on the inside are somehow compromised, and a great solution for both the exchange's reputability and customer trust is to ensure there's a simple and direct way for customers to retrieve stolen funds.

Even with bug bounties present, it's still possible that some hackers pass up on whatever a bug bounty happens to be and go for the bigger and riskier target of a primary cold wallet or something of the sort, though I imagine most hackers will just cash in on the bug bounty. It's still a good idea to have some sort of a bug bounty reserved nevertheless IMO, as any sort of deterrent to hacking is good.
princecharles
Copper Member
Jr. Member
*
Offline Offline

Activity: 210
Merit: 1


View Profile
December 05, 2019, 12:48:56 AM
 #36

Exchange hacks is actually a pressing issue as several cryptocurrency exchange has had their fair share of losses this year as a result of hackers. I personally don't believe that bug bounty would cause a substantial relieve to the exchange as it relates to hacking, this is because most hacking operations are conducted with the assistance of an insider who holds a key position in the exchange and has his account compromised. Bug bounty at best could uncover only minor issues which in most cases won't be necessary for hackers.
danherbias07
Legendary
*
Offline Offline

Activity: 3318
Merit: 1133


Leading Crypto Sports Betting & Casino Platform


View Profile
December 05, 2019, 12:59:07 AM
 #37

Offer a job to hackers.  Grin
Give them something in return if they can hack the exchange. That way they would see the holes in their website.
Don't they do this? I do think they do.
Looking for the soft spot and then trying to break in. Afterwards, they will look for another move to secure it.
I do think they do maintenance day for that.

..Stake.com..   ▄████████████████████████████████████▄
   ██ ▄▄▄▄▄▄▄▄▄▄            ▄▄▄▄▄▄▄▄▄▄ ██  ▄████▄
   ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██  ██████
   ██ ██████████ ██      ██ ██████████ ██   ▀██▀
   ██ ██      ██ ██████  ██ ██      ██ ██    ██
   ██ ██████  ██ █████  ███ ██████  ██ ████▄ ██
   ██ █████  ███ ████  ████ █████  ███ ████████
   ██ ████  ████ ██████████ ████  ████ ████▀
   ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
   ██            ▀▀▀▀▀▀▀▀▀▀            ██ 
   ▀█████████▀ ▄████████████▄ ▀█████████▀
  ▄▄▄▄▄▄▄▄▄▄▄▄███  ██  ██  ███▄▄▄▄▄▄▄▄▄▄▄▄
 ██████████████████████████████████████████
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█  ▄▀▄             █▀▀█▀▄▄
█  █▀█             █  ▐  ▐▌
█       ▄██▄       █  ▌  █
█     ▄██████▄     █  ▌ ▐▌
█    ██████████    █ ▐  █
█   ▐██████████▌   █ ▐ ▐▌
█    ▀▀██████▀▀    █ ▌ █
█     ▄▄▄██▄▄▄     █ ▌▐▌
█                  █▐ █
█                  █▐▐▌
█                  █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█
▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀       ▐█▌       ▀█▄
██         ▐█▌         ██
████▄     ▄█████▄     ▄████
████████▄███████████▄████████
███▀    █████████████    ▀███
██       ███████████       ██
▀█▄       █████████       ▄█▀
▀█▄    ▄██▀▀▀▀▀▀▀██▄  ▄▄▄█▀
▀███████         ███████▀
▀█████▄       ▄█████▀
▀▀▀███▄▄▄███▀▀▀
..PLAY NOW..
Yamifoud
Hero Member
*****
Offline Offline

Activity: 2828
Merit: 519


View Profile
December 05, 2019, 01:23:44 AM
 #38

I don't think we need this and supposedly to think that this is a solution for the unsolve hacking activities.

https://gbhackers.com/bug-bounty-program-organization/

Reading to this, it eventually gives realizations that all internet activities including applications are prone to any hacking scenario. It was too sad to know that but we are in the vulnerability already. We can build our own security by making monthly software maintenance rather than running this kind of activity cause it could still be hacked again and again.
Ridwan Fauzi
Full Member
***
Offline Offline

Activity: 1330
Merit: 147


View Profile
December 06, 2019, 12:42:32 PM
 #39

Is this a joke or what? $100,000 every month and that makes $1,200,000 per annum just to hunters? I doubt any exchange market will do that. They will rather employ a tech guy mainly for that instead of paying such huge sum to hunters monthly.
Yeah I just thinking, why not hire someone who is truly an expert in this field so as when he find some bug they won't ever spread it is bug publicly.

Different when there is an exchange who held such an idea that you are mentioned, there will be many people who will know the bug and most likely the people who know it will try ti find about the bug and how to overcome it and have an intention to try hack an exchange, it will be worst.
TRONTON
Sr. Member
****
Offline Offline

Activity: 868
Merit: 252


View Profile
December 08, 2019, 04:00:41 AM
 #40

the binding essence is that exchanges provide opportunities in general, and that will only lead to new problems that are more vulnerable, almost all large exchanges have committed bugs bounty, I believe it is indeed effective.

However, it is better if they offer a representative job to be employed internally because it will be more transparent to engage with insiders, and only compensate for public participation without having to publish the hackaton as often as possible.
Pages: « 1 [2] 3 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!