$1.5B crypto hack losses expose bug bounty flaws

As cryptocurrency losses from security breaches surge past $1.5 billion, cybersecurity experts are urging exchanges to improve bug bounty programs to attract top ethical hackers and strengthen platform security.
On March 3, blockchain security firm CertiK said that crypto lost from hacks in February had reached $1.53 billion, with the Bybit hack accounting for the majority of losses at more than $1.4 billion. Excluding the incident, CertiK reported that other exploits had resulted in $126 million in losses, including a $49 million Infini hack.
Ethical hacker Marwan Hachem told Cointelegraph that the surge in crypto hack losses highlights a growing need for better bug bounty programs.

An “out of scope” bug led to a $1.4 billion hack

Hachem, chief operating officer at cybersecurity firm FearsOff, said exchanges must offer higher and more appealing rewards to white hat hackers to prevent similar exploits. According to him, the bug bounty program of Safe, Bybit’s multisignature wallet provider, treated front-end and back-end bugs as out of scope, so researchers who found such issues were not eligible for rewards. He said the Bybit hack happened because of a bug that fell outside the scope the program paid for.

“What they considered out of scope led to the biggest crypto hack in history,” Hachem told Cointelegraph. He added: “We often breach platforms through bugs found in out-of-scope assets. Ethical hackers wouldn’t get rewarded for such findings, but criminals exploited them and stole $1.5 billion from Bybit.”

Bybit’s official bug bounty offers a maximum of $4,000 on its website and up to $10,000 on HackerOne, amounts that pale in comparison to what a malicious hacker stands to gain. Hachem said it is better to pre-emptively pay white hat hackers larger rewards than to wait for a major hack and then offer 10% of the stolen funds as a white hat reward, an approach he said only “emboldens bad actors.”

“Motivating top ethical hackers to dedicate their time and attention to testing an exchange by offering higher rewards will greatly improve its security, will be a lot cheaper, and will safeguard its reputation,” Hachem told Cointelegraph.

Adopting stricter security measures

Alongside better bug bounty programs, a CertiK spokesperson told Cointelegraph that preventing future exploits like the Bybit hack requires stricter operational controls: air-gapped signing devices, non-persistent OS environments for transaction approvals and enhanced authentication layers for high-value transactions should become industry standards.

“Regular red-team exercises and phishing simulations can also help mitigate social engineering risks,” the spokesperson said.

CertiK’s report found that the Bybit exploit resulted from a phishing attack that tricked multisignature signers into approving a malicious contract upgrade, while the Infini hack stemmed from a leaked admin private key that allowed unauthorized withdrawals. CertiK said both incidents underscore the risks of blind signing and inadequate transaction verification.

“These cases emphasize the need for stronger authentication, real-time transaction monitoring, and more resilient UI security to prevent manipulation,” CertiK added.
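As an added illustration of the transaction-verification point above (example code written for this page, not code from CertiK, Safe or Bybit): a pre-signing policy gate that decodes the fields a Safe-style multisig signer is asked to approve and refuses anything it cannot fully explain, which is the software counterpart of "do not blind-sign". The Safe `operation` encoding (0 = call, 1 = delegatecall) and the ERC-20 `transfer`/`approve` function selectors are real; the addresses, allowlists, thresholds and the three sample transactions are constructed for the example.

```python
# Added example (not Safe, Bybit or CertiK code): pre-signing policy gate for a Safe-style multisig tx.
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

OP_CALL, OP_DELEGATECALL = 0, 1            # Safe's `operation` field (real encoding)
SELECTOR_TRANSFER = "a9059cbb"             # ERC-20 transfer(address,uint256)
SELECTOR_APPROVE = "095ea7b3"              # ERC-20 approve(address,uint256)
ERC20_SELECTORS = {SELECTOR_TRANSFER: "transfer", SELECTOR_APPROVE: "approve"}


@dataclass(frozen=True)
class SafeTx:
    to: str          # destination address (hex)
    value_wei: int   # native value sent with the call
    data: str        # calldata as hex ("" or "0x" for none)
    operation: int   # OP_CALL or OP_DELEGATECALL
    nonce: int       # Safe nonce the signer expects to consume


@dataclass(frozen=True)
class Policy:
    allowed_targets: FrozenSet[str]      # contracts the Safe may call (lowercase hex)
    allowed_recipients: FrozenSet[str]   # addresses allowed to receive/spend tokens
    allowed_selectors: FrozenSet[str]    # function selectors the Safe may invoke
    max_value_wei: int
    max_token_amount: int
    expected_nonce: int


def _hexbytes(data: str) -> bytes:
    return bytes.fromhex(data[2:] if data.lower().startswith("0x") else data)


def decode_erc20_call(data: str) -> Optional[Tuple[str, str, int]]:
    """(function, address, amount) for an exact ERC-20 transfer/approve call, else None.
    Extra or missing bytes count as undecodable: never approve calldata you cannot explain."""
    raw = _hexbytes(data)
    name = ERC20_SELECTORS.get(raw[:4].hex())
    if name is None or len(raw) != 4 + 32 + 32:
        return None
    word0, word1 = raw[4:36], raw[36:68]
    if any(word0[:12]):                     # address word must be zero-padded on the left
        return None
    return name, "0x" + word0[12:].hex(), int.from_bytes(word1, "big")


def describe(tx: SafeTx) -> str:
    """What a signing device should show the human instead of an opaque hash."""
    op = "CALL" if tx.operation == OP_CALL else "DELEGATECALL"
    if tx.data in ("", "0x"):
        action = "plain value transfer"
    else:
        decoded, raw = decode_erc20_call(tx.data), _hexbytes(tx.data)
        action = (f"{decoded[0]}({decoded[1]}, {decoded[2]})" if decoded
                  else f"UNDECODED calldata: {len(raw)} bytes, selector {raw[:4].hex()}")
    return f"nonce={tx.nonce} {op} to={tx.to} value={tx.value_wei} wei: {action}"


def check_tx(tx: SafeTx, policy: Policy) -> List[str]:
    """Return every policy violation; an empty list means the signer may sign."""
    problems: List[str] = []
    if tx.operation != OP_CALL:
        problems.append("DELEGATECALL: foreign code would run with the Safe's own storage and funds")
    if tx.to.lower() not in policy.allowed_targets:
        problems.append(f"target {tx.to} is not on the allowlist")
    if tx.nonce != policy.expected_nonce:
        problems.append(f"nonce {tx.nonce} differs from expected {policy.expected_nonce}")
    if tx.value_wei > policy.max_value_wei:
        problems.append(f"value {tx.value_wei} wei exceeds limit {policy.max_value_wei}")
    if tx.data not in ("", "0x"):
        selector = _hexbytes(tx.data)[:4].hex()
        if selector not in policy.allowed_selectors:
            problems.append(f"selector {selector or '(none)'} is not on the allowlist")
        decoded = decode_erc20_call(tx.data)
        if decoded is None:
            problems.append("calldata cannot be fully decoded; refusing to blind-sign")
        else:
            _, who, amount = decoded
            if who.lower() not in policy.allowed_recipients:
                problems.append(f"recipient/spender {who} is not on the allowlist")
            if amount > policy.max_token_amount:
                problems.append(f"token amount {amount} exceeds limit {policy.max_token_amount}")
    return problems


# Constructed sample data: none of these are real contracts, wallets or incidents.
TOKEN = "0x1111111111111111111111111111111111111111"
TREASURY = "0x2222222222222222222222222222222222222222"
STRANGER = "0x3333333333333333333333333333333333333333"
POLICY = Policy(frozenset({TOKEN}), frozenset({TREASURY}), frozenset({SELECTOR_TRANSFER}),
                max_value_wei=0, max_token_amount=1_000_000 * 10**18, expected_nonce=42)


def erc20_calldata(selector: str, who: str, amount: int) -> str:
    """ABI-encode transfer/approve(address,uint256): selector + two 32-byte words."""
    return "0x" + selector + who[2:].lower().rjust(64, "0") + format(amount, "064x")


ROUTINE_TX = SafeTx(TOKEN, 0, erc20_calldata(SELECTOR_TRANSFER, TREASURY, 10**18), OP_CALL, 42)
DRAIN_TX = SafeTx(TOKEN, 0, erc20_calldata(SELECTOR_TRANSFER, STRANGER, 5_000_000 * 10**18), OP_CALL, 42)
DELEGATE_TX = SafeTx(STRANGER, 0, "0xdeadbeef" + "11" * 32, OP_DELEGATECALL, 42)
if __name__ == "__main__":
    for label, tx in (("routine", ROUTINE_TX), ("drain", DRAIN_TX), ("delegate", DELEGATE_TX)):
        print(f"[{label}] {describe(tx)}")
        for problem in check_tx(tx, POLICY):
            print("    REJECT:", problem)
```

The gate belongs on the air-gapped signing device itself, so that a compromised front end can propose a transaction but cannot alter what the signer reads; `describe()` is the text a hardware wallet should display, and `check_tx()` is the automated second opinion that should also feed a real-time monitoring feed. It complements, and does not replace, comparing the transaction hash shown on the device with one computed independently.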