As cryptocurrency losses from safety breaches surge previous $1.5 billion, cybersecurity consultants are urging exchanges to enhance bug bounty applications to draw high moral hackers and strengthen platform safety.
On March 3, blockchain safety agency CertiK stated that crypto misplaced from hacks in February had reached $1.53 billion, with the Bybit hack accounting for almost all of losses at greater than $1.4 billion. Excluding the incident, CertiK reported that different exploits had resulted in $126 million in losses, including a $49 million Infini hack.
Moral hacker Marwan Hachem informed Cointelegraph that the surge in crypto hack losses highlighted a rising want for higher bug bounty applications.
Hachem stated that to forestall such exploits, exchanges should provide larger and extra interesting bug bounty rewards to white hat hackers.
An “out of scope” bug led to a $1.4 billion hack
Hachem, chief working officer at cybersecurity agency FearsOff, stated crypto exchanges should provide larger rewards to moral hackers to forestall comparable exploits.
Based on the safety skilled, the bug bounty program of Protected, Bybit’s multisignature pockets supplier, thought-about bugs associated to the entrance and back-end out of scope, which means those that recognized these safety points weren’t eligible for rewards.
The safety skilled stated the Bybit hack occurred due to a bug that was not within the scope rewarded by the bounty program. “What they thought-about out of scope led to the most important crypto hack in historical past,” Hachem informed Cointelegraph. He added:
“We regularly breach platforms by means of bugs present in out-of-scope belongings. Moral hackers wouldn’t get rewarded for such findings, however criminals exploited them and stole $1.5 billion from Bybit.”
Bybit’s official bug bounty presents a most of $4,000 on its web site and as much as $10,000 on HackerOne — quantities that pale compared to the potential rewards for malicious hackers.
Hachem stated it’s higher to pre-emptively give white hat hackers greater rewards as an alternative of ready for a significant hack to occur and provide 10% of the stolen funds as a white hat reward. The chief stated this solely “emboldens dangerous actors.”
“Motivating high moral hackers to dedicate their time and a focus to testing an alternate by providing larger rewards will enormously enhance its safety, can be loads cheaper, and can safeguard its popularity,” Hachem informed Cointelegraph.
Associated: Bybit hackers resume laundering activities, moving another 62,200 ETH
Adopting stricter safety measures
Alongside higher bug bounty applications, a CertiK spokesperson informed Cointelegraph that stopping future exploits just like the Bybit hack requires adopting stricter safety measures.
A CertiK spokesperson informed Cointelegraph that air-gapped signing gadgets, non-persistent OS environments for transaction approvals and enhanced authentication layers for high-value transactions ought to change into trade requirements.
“Common red-team workouts and phishing simulations may also assist mitigate social engineering dangers,” the spokesperson stated.
CertiK’s report revealed that Bybit’s exploit resulted from a phishing assault that tricked multisignature signers into approving a malicious contract improve. In the meantime, the Infini hack stemmed from an admin personal key leak, permitting unauthorized withdrawals.
CertiK stated each incidents underscored the dangers of blind signing and insufficient transaction verification. “These circumstances emphasize the necessity for stronger authentication, real-time transaction monitoring, and extra resilient UI safety to forestall manipulation,” CertiK added.
Journal: Elon Musk’s plan to run government on blockchain faces uphill battle
Cointelegraph by Ezra Reguerra $1.5B crypto hack losses expose bug bounty flaws cointelegraph.com 2025-03-03 14:07:00
Source link
