An investigation by Hard Fork has revealed that cybersecurity researchers detected over 40 vulnerabilities in some blockchain and cryptocurrency platforms in the period between February 13 and March 13.
Using HackerOne, a security platform that connects organizations with white hat hackers, 43 reports on the bugs were sent to 13 organizations involved with cryptocurrency and blockchain technology.
Affected Cryptocurrency and Blockchain Platforms
MyEtherWallet, Tendermint, Tezos, Monero, Brave, and Coinbase are amongst the platforms that received the vulnerability reports. On the surface, none of the bugs were considered critical. However, some platforms received multiple vulnerability reports.
Unikrn, a gambling platform with a native cryptocurrency called Unicoin, topped the list of affected platforms with a total of 12 vulnerabilities. Having received six reports, Omise, the developers of the OmiseGo platform, were second on the list.
EOS and Tendermint received five and four bug reports respectively while three each were found on the Tezos and Augur platforms. Two vulnerabilities each were detected on MyEtherWallet, ICON, and Monero. Brave, Electroneum, Crypto.com, and Coinbase each received one bug report.
Types of Vulnerabilities Detected
With the exception of Block.one, the blockchain solutions provider behind EOS, none of the affected platforms made the details of the bug reports public.
Block.one attributed the vulnerabilities in four of the bug reports they received to the buffer overflow fault. The flaw is said to have made their software vulnerable to arbitrary code injection. The report on the said vulnerabilities, which have since been resolved, is available on hackerone.com.
The manner in which Block.one handled the reports is in line with the organization’s reputation as a blockchain business that champions the cause of white hat hackers.