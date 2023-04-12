Bug bounty programs have been around for quite some time – Here’s a list of other projects that have recently initiated such programs.

Many projects, large and small, have adopted the concept of bug bounty programs. The idea is straightforward: hackers disclose potential flaws in company programs and get compensated for their work via these bounty programs. On that front, OpenAI recently launched a similar program that awards up to a maximum of $20,000 to anyone who discovers defects in their ChatGPT platform. However, bug bounty programs have been around for quite some time – Here’s a list of other projects that have recently initiated such programs.

Hyperlane

Blockchain security is far from where it should be in order to detect and punish attackers who exploit flaws and steal funds. Therefore, several crypto projects have announced bug bounty programs to determine shortcomings in their network.

Hyperlane launched one such initiative back in January 2023. Hyperlane is a protocol that allows its users to develop decentralized applications, or dApps, across different blockchains. It made headlines last year for securing nearly $20 million in a funding round led by Variant, which is a crypto investment firm started by former members of Andreessen Horowitz.

The project established a bounty program with rewards pushing up to as much as $2.5 million for anyone who caught critical vulnerabilities in its smart contract. Examples of critical issues include - Unauthorized minting of interchain assets, unintended alteration of what the NFT represents, and any governance voting result manipulation, among others.

Meanwhile, the vulnerabilities considered as ‘high’ on the threat list carry a reward between $10,000 - $200,000, those considered as ‘medium’, carry a pay-out of $5,000, and those tagged ‘low’, carry a pay-out of $2,000.

Hedera Hashgraph

Hedera Hashgraph, another crypto project part of the list, is a platform that allows for the creation and interaction of dApps. However, it claims to be more secure and faster than traditional blockchains. As per data tracker Crunchbase, the project has secured a total of $125.5 million in four funding rounds. Boeing HorizonX Ventures , the venture capital arm of Boeing, and India’s network service provider, Tata Communications , are notable investors in the project.

Hedera established its bounty program in January 2023 to determine software vulnerabilities that could harm the network or its users. Examples of potential issues include sensitive information leakage, transaction tampering, and authorizing transactions without approval from the required owners, among others. The maximum bounty available per a ‘critical’ threat is $30,000 while the bounty on a ‘medium’ threat is $10,000.

Yuga Labs

Yuga Labs, the $4 billion tech firm behind the popular Bored Apes NFT collection, is another prominent player in the crypto industry that released a bounty program over the past few months.

Under the program, members can receive up to $25,000 for detecting critical shortcomings in its Web3 platform. Separately, Yuga Labs has also requested users to discover vulnerabilities on its discord servers too.

Discord servers of popular NFT collections have been known to be compromised from time to time. In June 2022, Yuga Labs said that its discord server was compromised, which resulted in a theft of Bored Ape NFT’s worth $360 million. The hacker reportedly used phishing links to mimic a community manager’s account and trick NFT owners into giving their private keys.

Critical issues which offer a maximum reward of $25,000 include bugs or exploits that can develop on the Bored Ape Yacht Club and Yuga Labs domain names, among others. As per HackerOne, a website that tracks bounty programs, a total of $34,000 in bounties have been paid and 12 reports have been solved since the start of Yuga Lab’s initiative.

Other notable mentions

While crypto projects are still relatively new, and many have just recently begun to implement bounty schemes, technology heavyweights have long supported the endeavours. Apple, Google, Intel, and Microsoft have been running bug bounty programs for more than a decade, paying out millions to those who find problems on their platforms. Intel, for example, has given out over $4.1 million since the launch of its bug bounty program in 2017.

Meanwhile, the world’s most valuable phone maker, Apple, has paid $20 million since 2016 in a bug program launched to detect vulnerabilities in Apple’s devices, software, and services.

Last year, Ryan Pickren, an Amazon Web Securities engineer received a bounty of slightly over $100,000 after exposing a MAC webcam-related bug that allowed hackers to gain access to a user’s device.

Conclusion

Recently, a US Chamber of Commerce study showed that 93 percent of small business owners in the US use technology-related platforms to run their businesses. Yes, the future lies in technology. However, as long as security remains a concern, bad actors will always pop up.

As per AAG, data breaches cost firms in the tech space an average of $4.35 million last year. The report claimed that cybercrimes increased during the year as hackers took advantage of poor security in databases as a result of a frenzied transition to a work-from-home environment amid the COVID-19 pandemic.

This is where bounty programs come in. They attempt to bridge the gap between cybercrimes and poor security by identifying potential flaws before they can be taken advantage of. It goes without saying that bounty programs would continue to be a critical feature of technology-related platforms and companies in the years to come as well.

Also Read: What is address poisoning and what can crypto investors do to avoid such attacks