EOS cryptocurrency contract bug hunter earns $120,000 in seven days

A single bug hunter is vastly improving the EOS blockchain system -- and cashing in at the same time.
Written by Charlie Osborne, Contributing Writer

Security vulnerabilities left unchecked in blockchain systems and smart contracts can lead to disaster for cryptocurrency investors.

Month after month, data breaches and security incidents occur at both well-known cryptocurrency exchanges and startups.

Cyberattackers target Initial Coin Offerings (ICOs) to rinse investor funds, hackers use 51 percent attacks to dominate mining pools, and bugs in the blockchain itself can tear away the foundations of successful cryptocurrency-based economies.

Unless the building blocks of a cryptocurrency are stable, creating a successful ecosystem is close to impossible -- and this includes not just market control, but also cybersecurity.

Blockchain solution EOS, developed by Block.one, touts itself as the "most powerful infrastructure for decentralized applications."

Powerful, perhaps, but not as secure as it could be.

On 31 May, EOS launched a bug bounty program on HackerOne and asked for reports on vulnerabilities impacting EOSIO blockchain software and Eos.js libraries.

The company offered a minimum bounty of $10,000, a financial reward that bug bounty hunter Guido Vranken is enjoying.

The ethical hacker reported a number of vulnerabilities in the core EOSIO software, earning him $80,000 in one day. However, additional bugs have been submitted, which Vranken believes brings the total to $120,000.


Due to the bug bounty hunter's success, the startup offered Vranken a permanent role, although there is no information available on whether or not the job has been accepted.

The Cayman Islands-based startup managed to raise $4 billion during its ICO, despite the lack of a live product.

Vranken is evidently skilled at finding bugs, but the fact that one individual was able to find at least 12 vulnerabilities in one week while working alone suggests that EOS should take its code more seriously.

If it does not, the ICO, funding, and hype around its decentralized projects could all end up neutralized with one successful attack or data breach.

In related news, consultancy Autonomous NEXT said this week that while cryptocurrency startups have managed to raise close to $9 billion in ICOs over the course of this year alone, the hype is beginning to fade.

"If we pull out Telegram and EOS on a monthly basis, the monthly trend looks severely down -- to $560 million from a high of $1.5 billion in December 2017," Autonomous NEXT said, as reported by Business Insider. "So unless you believe in the continued presence of mega deals, token offerings have indeed been dragging due to continued regulatory uncertainty, tax overhang, and a lack of tangible progress in software adoption by the mainstream consumer."
