$1.5B crypto hack losses expose bug bounty flaws
As cryptocurrency losses from security breaches surge past $1.5 billion, cybersecurity experts are urging exchanges to improve bug bounty programs to attract top ethical hackers and strengthen platform security.
On March 3, blockchain security firm CertiK said that crypto lost from hacks in February had reached $1.53 billion, with the Bybit hack accounting for the majority of losses at more than $1.4 billion. Excluding the incident, CertiK reported that other exploits had resulted in $126 million in losses, including a $49 million Infini hack.
Ethical hacker Marwan Hachem told Cointelegraph that the surge in crypto hack losses highlighted a growing need for better bug bounty programs.
Hachem said that to prevent such exploits, exchanges must offer higher and more appealing bug bounty rewards to white hat hackers.
Hachem, chief operating officer at cybersecurity firm FearsOff, said crypto exchanges must offer higher rewards to ethical hackers to prevent similar exploits. According to the security professional, the bug bounty program of Safe, Bybit’s multisignature wallet provider, considered bugs related to the front and back-end out of scope, meaning those who identified these security issues were not eligible for rewards. The security professional said the Bybit hack happened because of a bug that was not in the scope rewarded by the bounty program. “What they considered out of scope led to the biggest crypto hack in history,” Hachem told Cointelegraph. He added: “We often breach platforms through bugs found in out-of-scope assets. Ethical hackers wouldn’t get rewarded for such findings, but criminals exploited them and stole $1.5 billion from Bybit.” Bybit’s official bug bounty offers a maximum of $4,000 on its website and up to $10,000 on HackerOne — amounts that pale in comparison to the potential rewards for malicious hackers. Hachem said it’s better to pre-emptively give white hat hackers bigger rewards instead of waiting for a major hack to happen and offer 10% of the stolen funds as a white hat reward. The executive said this only “emboldens bad actors.” “Motivating top ethical hackers to dedicate their time and attention to testing an exchange by offering higher rewards will greatly improve its security, will be a lot cheaper, and will safeguard its reputation,” Hachem told Cointelegraph. Related: Bybit hackers resume laundering activities, moving another 62,200 ETH Alongside better bug bounty programs, a CertiK spokesperson told Cointelegraph that preventing future exploits like the Bybit hack requires adopting stricter security measures. A CertiK spokesperson told Cointelegraph that air-gapped signing devices, non-persistent OS environments for transaction approvals and enhanced authentication layers for high-value transactions should become industry standards. “Regular red-team exercises and phishing simulations can also help mitigate social engineering risks,” the spokesperson said. CertiK’s report revealed that Bybit’s exploit resulted from a phishing attack that tricked multisignature signers into approving a malicious contract upgrade. Meanwhile, the Infini hack stemmed from an admin private key leak, allowing unauthorized withdrawals. CertiK said both incidents underscored the risks of blind signing and inadequate transaction verification. “These cases emphasize the need for stronger authentication, real-time transaction monitoring, and more resilient UI security to prevent manipulation,” CertiK added. Magazine: Elon Musk’s plan to run government on blockchain faces uphill battle
An “out of scope” bug led to a $1.4 billion hack
Adopting stricter security measures
Bitcoin (BTC) $ 96,315.00
Ethereum (ETH) $ 1,828.78
Tether (USDT) $ 1.00
XRP (XRP) $ 2.21
BNB (BNB) $ 598.94
Solana (SOL) $ 147.86
USDC (USDC) $ 0.999993
Dogecoin (DOGE) $ 0.178963
Cardano (ADA) $ 0.696778
TRON (TRX) $ 0.249241
Lido Staked Ether (STETH) $ 1,826.11
Wrapped Bitcoin (WBTC) $ 96,147.00
Sui (SUI) $ 3.43
Chainlink (LINK) $ 14.44
Avalanche (AVAX) $ 20.96
Stellar (XLM) $ 0.272211
LEO Token (LEO) $ 8.91
Toncoin (TON) $ 3.18
Shiba Inu (SHIB) $ 0.000013
USDS (USDS) $ 0.999980
Hedera (HBAR) $ 0.183522
Wrapped stETH (WSTETH) $ 2,194.46
Bitcoin Cash (BCH) $ 368.73
Hyperliquid (HYPE) $ 20.67
Litecoin (LTC) $ 87.09
Polkadot (DOT) $ 4.16
WETH (WETH) $ 1,828.49
Binance Bridged USDT (BNB Smart Chain) (BSC-USD) $ 1.00
Bitget Token (BGB) $ 4.39
Monero (XMR) $ 276.01
Ethena USDe (USDE) $ 1.00
WhiteBIT Coin (WBT) $ 28.90
Pi Network (PI) $ 0.587304
Wrapped eETH (WEETH) $ 1,948.07
Coinbase Wrapped BTC (CBBTC) $ 96,322.00
Pepe (PEPE) $ 0.000009
Aptos (APT) $ 5.38
Dai (DAI) $ 0.999723
Bittensor (TAO) $ 367.53
Uniswap (UNI) $ 5.19
sUSDS (SUSDS) $ 1.05
OKB (OKB) $ 51.28
NEAR Protocol (NEAR) $ 2.48
BlackRock USD Institutional Digital Liquidity Fund (BUIDL) $ 1.00
Ondo (ONDO) $ 0.900759
Gate (GT) $ 21.77
Aave (AAVE) $ 173.48
Internet Computer (ICP) $ 4.89
Kaspa (KAS) $ 0.098732
Official Trump (TRUMP) $ 12.85
Ethereum Classic (ETC) $ 16.87
Cronos (CRO) $ 0.091326
Tokenize Xchange (TKX) $ 31.24
Mantle (MNT) $ 0.737330
Render (RENDER) $ 4.72
VeChain (VET) $ 0.026798
USD1 (USD1) $ 0.999988
POL (ex-MATIC) (POL) $ 0.237573
Ethena Staked USDe (SUSDE) $ 1.17
Cosmos Hub (ATOM) $ 4.34
Lombard Staked BTC (LBTC) $ 96,292.00
Fasttoken (FTN) $ 4.29
Filecoin (FIL) $ 2.77
Artificial Superintelligence Alliance (FET) $ 0.701273
Algorand (ALGO) $ 0.210819
Sonic (prev. FTM) (S) $ 0.557140
Ethena (ENA) $ 0.301797
Arbitrum (ARB) $ 0.334602
Celestia (TIA) $ 2.54
Jupiter Perpetuals Liquidity Provider Token (JLP) $ 4.12
First Digital USD (FDUSD) $ 0.997981
Solv Protocol SolvBTC (SOLVBTC) $ 96,001.00
Bonk (BONK) $ 0.000018
KuCoin (KCS) $ 10.81
Worldcoin (WLD) $ 1.01
Jupiter (JUP) $ 0.454867
Maker (MKR) $ 1,552.09
NEXO (NEXO) $ 1.24
Stacks (STX) $ 0.808978
Binance Staked SOL (BNSOL) $ 154.94
XDC Network (XDC) $ 0.076524
Optimism (OP) $ 0.705880
Flare (FLR) $ 0.018032
Virtuals Protocol (VIRTUAL) $ 1.75
Fartcoin (FARTCOIN) $ 1.14
Immutable (IMX) $ 0.624673
Sei (SEI) $ 0.220402
Binance-Peg WETH (WETH) $ 1,829.43
EOS (EOS) $ 0.724552
Story (IP) $ 3.97
Kelp DAO Restaked ETH (RSETH) $ 1,903.44
USDT0 (USDT0) $ 0.999749
Injective (INJ) $ 9.89
Curve DAO (CRV) $ 0.718423
PayPal USD (PYUSD) $ 0.999709
The Graph (GRT) $ 0.096969
Binance Bridged USDC (BNB Smart Chain) (USDC) $ 1.00
Wrapped BNB (WBNB) $ 599.11
Rocket Pool ETH (RETH) $ 2,074.18
FLOKI (FLOKI) $ 0.000084
