Almost every day is Christmas for the hackers in the crypto market, particularly in the DeFi space.
In 2022, bad actors made off with a little over $3 billion, taking more than $600 million from the Ronin Bridge and hitting several other protocols for hundreds of millions.
In 2023, the hacking landscape cooled down a little bit, with hackers stealing a little over $1 billion.
However, in a market that seems to favour the bad actors, it still pays to be good.
According to a new report from Blockworks, while the bad actors made off with $1.1 billion in 2023, the "good hackers" were rewarded with about $640,000 for finding bugs before the bad ones did and reporting them for good, honest cash rewards.
Hackers who find bugs in crypto protocols sometimes have to choose between stealing funds and reporting the bugs to the relevant parties to get them fixed.
Hackers who choose the former are known as black hats, and hackers who choose the latter are known as white hats.
One of the most well-known examples of black hat hackers is the North Korean Lazarus Group, which is believed to have been behind the $624 million hack on the Ronin Bridge on 23 March 2023.
Oftentimes, white hat hackers who report rather than exploit bugs in smart contracts are rewarded, in what is known as a "bug bounty reward".
Although bug bounties are relatively new in the crypto space, they are becoming more and more popular.
In fact, according to HackerOne, there are currently about sixty companies in the crypto space that already run open bug bounty programs.
These companies include DAOs, NFT platforms, protocols, wallets, exchanges, and more.
These crypto firms have also given away more than $640,000 to white hat hackers in the last year for reporting bugs in their systems.
According to the report from Blockworks, this figure might be larger, and currently only includes the public bug bounties.
Magic Eden, a Solana-based NFT marketplace, is currently ranked as the most generous company when it comes to bug bounties.
The marketplace has rewarded fifteen hackers so far, with a total of $83,000. According to Blockworks, some of these hackers received more than $10,000, indicating that the vulnerabilities were quite serious.
MetaMask comes after Magic Eden, having paid out $75,750 to hackers who have reported bugs in its wallet.
After MetaMask, we have the likes of Hedera Hashgraph, Crypto.com and Poloniex, offering $62.2k, $54.8k, and $24.3k respectively.
Coinbase is also one of the most prominent companies in the crypto space when it comes to bug bounties.
According to HackerOne, Coinbase has paid out 120 bug bounties since its launch in 2012, a lot more than any other company.
However, this figure could be even higher, considering that the last time Coinbase disclosed a bug bounty was in March 2018, when it awarded $20,000 to a hacker who had figured out how to send themselves free Ethereum.
Since then, Coinbase has improved and greatly raised the payouts for its bug bounty program.
Coinbase now offers up to $1 million to anyone who can cause "serious business disruption".
These disruptions can be anything from breaking into its cash, private keys, or hot or cold wallets to finding ways to steal funds.
Crypto bug bounties are beneficial to companies as well as hackers.
Bug bounties provide hackers with a legal way of making money, and also help them to enhance their reputation in the hacking community.
Moreover, companies can also save time, funds and a lot of headaches by rewarding hackers who help correct bugs before they are exploited.
All things considered, crypto bug bounties are useful to both hackers and companies.
Disclaimer: Voice of Crypto aims to deliver accurate and up-to-date information, but it will not be responsible for any missing facts or inaccurate information. Cryptocurrencies are highly volatile financial assets, so research and make your own financial decisions.