$1.5B crypto hack losses expose bug bounty flaws

With cryptocurrency losses from security breaches surpassing $1.5 billion in February, cybersecurity experts are urging exchanges to improve their bug bounty programs to attract top ethical hackers and strengthen platform security.
On March 3, blockchain security firm CertiK said crypto lost to hacks in February had reached $1.53 billion, with the Bybit hack accounting for most of the losses at more than $1.4 billion. Excluding that incident, CertiK reported that other exploits resulted in $126 million in losses, including a $49 million Infini hack.
Ethical hacker Marwan Hachem told Cointelegraph that mounting crypto hack losses highlight a growing need for better bug bounty programs.
Hachem said that to avoid exploits, exchanges must offer higher and more appealing bug bounty rewards to white hat hackers.
An “out of scope” bug leads to a $1.4 billion hack
Hachem, chief operating officer of cybersecurity firm Fearsoff, said crypto exchanges should offer higher rewards to ethical hackers to prevent similar exploits.
According to the security professional, the bug bounty program of Safe, Bybit’s multisignature wallet provider, treats front-end and back-end bugs as out of scope, which means that those who report such security issues are not eligible for rewards.
The security professional said the Bybit hack happened because of a bug that fell outside the scope of the bounty program. “What they consider out of scope has led to the largest crypto hack in history,” Hachem told Cointelegraph. He added:
“We often breach platforms through bugs found in assets that are out of scope. Ethical hackers will not get a reward for such findings, but criminals took advantage of them and stole $1.5 billion from Bybit.”
Bybit’s official bug bounty offers a maximum of $4,000 on its website and up to $10,000 on HackerOne, values that pale in comparison with the potential rewards for malicious hackers.
Hachem said it would be better to pre-emptively give white hat hackers a bigger reward rather than wait for a major hack to happen and then offer 10% of the stolen funds as a white hat reward. The executive said that approach only amounts to “entertaining bad actors.”
“Encouraging leading ethical hackers to devote their time and attention to testing an exchange by offering higher rewards will greatly improve its security, will be cheaper, and will protect its reputation,” Hachem told Cointelegraph.
Related: Bybit hackers continue laundering activities, moving another 62,200 ETH
Adopting stricter security measures
Besides better bug bounty programs, a CertiK spokesperson told Cointelegraph that preventing future exploits like the Bybit hack requires the adoption of tighter security measures.
The CertiK spokesperson said air-gapped signing devices, isolated OS environments for transaction approval and improved verification layers for high-value transactions should be industry standard.
“Regular red-team exercises and phishing simulations can also help reduce social engineering risks,” the spokesperson said.
CertiK’s report found that the Bybit exploit resulted from a phishing attack that tricked multisignature signers into approving a malicious contract upgrade. Meanwhile, the Infini hack originated from a leaked admin private key, allowing unauthorized withdrawals.
CertiK said both incidents underline the dangers of blind signing and inadequate transaction verification. “These cases emphasize the need for stronger validation, real-time transaction monitoring, and more resilient UI security to prevent manipulation,” CertiK added.
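The blind-signing problem CertiK describes can be reduced at the signer itself: decode what a transaction actually does before approving it, rather than trusting whatever a wallet UI renders. The Python below is an added example, not code from Bybit, Safe or CertiK. It assumes a Safe-style execTransaction call (the selector 0x6a761202 is hardcoded and should be recomputed for the contract version in use) and a hypothetical allow-list of treasury targets; it decodes the ABI-encoded arguments and refuses approval for anything that uses delegatecall or targets an address outside the allow-list, so a signer gets a readable verdict instead of raw hex.

```python
"""Pre-signing policy check for a Safe-style execTransaction call.

Added example (not Bybit, Safe or CertiK code). The sample transactions in
__main__ are constructed for illustration only.
"""
from dataclasses import dataclass

# Selector of Safe's execTransaction(address,uint256,bytes,uint8,uint256,uint256,
# uint256,address,address,bytes). Hardcoded assumption: verify it with keccak256
# against the contract version you actually sign for.
EXEC_TRANSACTION_SELECTOR = bytes.fromhex("6a761202")
OP_CALL = 0          # ordinary external call
OP_DELEGATECALL = 1  # runs target code inside the wallet's own storage context


@dataclass
class ExecTx:
    to: str
    value: int
    data: bytes
    operation: int


def _word(args: bytes, index: int) -> int:
    """Return ABI head word `index` (32 bytes) of the argument area as an int."""
    chunk = args[32 * index: 32 * index + 32]
    if len(chunk) != 32:
        raise ValueError(f"calldata truncated at word {index}")
    return int.from_bytes(chunk, "big")


def _bytes_at(args: bytes, offset: int) -> bytes:
    """Decode a dynamic `bytes` argument whose head word points at `offset`."""
    length = int.from_bytes(args[offset: offset + 32], "big")
    body = args[offset + 32: offset + 32 + length]
    if len(body) != length:
        raise ValueError("dynamic bytes argument runs past the end of calldata")
    return body


def decode_exec_transaction(calldata: bytes) -> ExecTx:
    """Decode the first four execTransaction parameters: to, value, data, operation."""
    if calldata[:4] != EXEC_TRANSACTION_SELECTOR:
        raise ValueError(f"not execTransaction: selector {calldata[:4].hex()}")
    args = calldata[4:]
    to_word = _word(args, 0)
    if to_word >> 160:  # an address occupies the low 20 bytes; anything above is malformed
        raise ValueError("address word has non-zero upper bytes")
    return ExecTx(
        to="0x" + to_word.to_bytes(20, "big").hex(),
        value=_word(args, 1),
        data=_bytes_at(args, _word(args, 2)),
        operation=_word(args, 3),
    )


def review_for_signing(calldata: bytes, allowed_targets: set[str]) -> tuple[bool, list[str]]:
    """Return (approve, findings). Any finding means: do not sign this."""
    tx = decode_exec_transaction(calldata)
    findings = []
    if tx.operation == OP_DELEGATECALL:
        findings.append("operation=1 (delegatecall): foreign code would run with the "
                        "wallet's storage; that is an upgrade-class action, not a transfer")
    elif tx.operation != OP_CALL:
        findings.append(f"unknown operation {tx.operation}")
    if tx.to not in {a.lower() for a in allowed_targets}:
        findings.append(f"target {tx.to} is not on the allow-list")
    return (not findings, findings)


def encode_exec_transaction(to: str, value: int, data: bytes, operation: int) -> bytes:
    """Build execTransaction calldata (gas params zero, empty signatures) for testing."""
    padded = data + b"\x00" * (-len(data) % 32)
    data_off = 10 * 32                    # dynamic tail starts after the 10 head words
    sigs_off = data_off + 32 + len(padded)
    head = [int(to, 16), value, data_off, operation, 0, 0, 0, 0, 0, sigs_off]
    tail = len(data).to_bytes(32, "big") + padded + (0).to_bytes(32, "big")
    return EXEC_TRANSACTION_SELECTOR + b"".join(w.to_bytes(32, "big") for w in head) + tail


if __name__ == "__main__":
    # Constructed sample addresses; not real contracts.
    treasury = "0x1111111111111111111111111111111111111111"
    unknown = "0x2222222222222222222222222222222222222222"
    allow = {treasury}
    routine = encode_exec_transaction(treasury, 10**18, b"", OP_CALL)
    suspicious = encode_exec_transaction(unknown, 0, b"\xde\xad\xbe\xef", OP_DELEGATECALL)
    for label, calldata in (("routine transfer", routine), ("delegatecall", suspicious)):
        ok, findings = review_for_signing(calldata, allow)
        print(f"{label}: {'SIGN' if ok else 'REFUSE'}", *findings, sep="\n  ")
```

The point of the check is that the decision is made from the decoded calldata on the signing side, which an attacker who controls only the wallet's front end cannot alter; in practice this runs on the isolated signing device, and the allow-list and selector are maintained out of band.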