ETHERLive delivers real-time price and volume data across 16+ exchanges to users in a clear and easy-to-understand package. Users can get up-to-the-second updates for each exchange/currency pair, as well as aggregated market averages for each exchange, currency, and the market as a whole. It also provides a global converted average of all the currency pairs monitored by ETHNews, converted to USD.


24hr ---

The Basics

Learn the basics of Ethereum and various cryptocurrency technologies

Learn More

What is Ethereum?

Understand the underlying principles of the Ethereum Platform

Learn More

The Blockchain

Discover the revolutionizing technology known as the blockchain

Learn More

Press Release

Submit a press release for consideration on ETHNews

Submit Press

Story / Dapp

Submit a story or DAPP to be considered for publication on ETHNews.

Submit Story


Submit "Ethereum Explainer" content for consideration to be featured on ETHNews

Submit Topic
ETHNews Logo
Ether Price Analysis
Contact Us

Ethereum Bug Bounties




Ethical hackers provide a much-needed service in discovering vulnerabilities on the blockchain through sponsored bug bounty programs

For those who may confuse the term ‘bug bounty’ with an insect hunt, according to Wikipedia:

“A bug bounty program is a deal offered by many websites and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities. These programs allow the developers to discover and resolve bugs before the general public is aware of them, preventing incidents of widespread abuse.” 

Bug bounty programs have become more commonplace in the internet industry since Netscape launched the first of its kind in 1995 for its Netscape 2.0 browser. While in the beta phase, Netscape sought out hackers, programmers, and anyone with the technical skill to seek out vulnerabilities, including backdoors to their software, in exchange for cash.

Fast forward to the present and we discover that current bug bounty programs launched by major companies like Uber, Facebook, and Snapchat are similar to the bug bounty created by Netscape. One big difference, however, is that many of these bounties now offer payments in the form of a cryptocurrency, such as Bitcoin (BTC) and Ether (ETH), in addition to fiat currency. With the value of incentives ranging from a few dollars per bug discovered for small startup bounties to hundreds of thousands of dollars for bugs found in Google and Apple programs. Bug bounties have become a standard for tech companies looking to test the security of their applications while strengthening the overall code infrastructure.

Ethereum’s own bug bounty program has run continuously since early 2015 and has helped secure the network and Proof of Work (POW) algorithms.

Ethereum’s bug bounty site states:

“Ethereum has a clear goal: delivering stable protocols and secure software. We call on our community and all bug bounty hunters to help us deliver flawless protocols and clients. Earn cold hard cash for finding a vulnerability and get a place on our leaderboard.”

One of the leading bug bounty platforms is HackerOne, a San Francisco-based company founded by Facebook, Microsoft, and Google security experts. Using HackerOne’s simple interface, clients can set up a bug bounty project that defines their needs, rules, and incentives. HackerOne serves as an intermediary between companies and hackers (also called security ‘researchers’ or ‘finders’) that customizes and assigns appropriate hackers based on the specific needs of a project. Users on the platform are also free to invite other hackers to submit vulnerability reports. HackerOne supports bug bounty programs on and off the blockchain and even hosts an annual hackathon event in Las Vegas where hackers from across the globe seek out ‘bugs’ in real-time before a live audience.

On the other side of the spectrum, there is a decentralized bug bounty program that exists purely on smart contract technology. Glass Hunt is an anonymous organization that’s considered a playground for developers and interested individuals who wish to hack the blockchain technology in order to help it grow. 

A new Ethereum-based automated bug bounty framework for Ethereum smart contracts, “Put Your Money Where Your Contract Is,” created by Ron Meron, is a proposed mechanism that allows high-stake contract authors to create a trustless, Ethereum-based bug bounty. This bounty is created after the high-stake contract is published, but before the contract is put into action. Simply put, bug bounties are enacted before the contract goes into full effect.

For blockchain networks like Ethereum, crowdsourced bug bounties provide a much-needed service to address the security of smart contracts and fairness as a whole. Bounties incentivize outside sources to fix issues that may cause Ether theft and correct game-theory probability models for online gambling platforms that employ random-number generation. As more bug vulnerabilities are discovered by bug bounty hunters, the blockchain ecosystem can only become stronger and more secure.   

Los Silva

Los Silva is a writer and filmmaker who has collaborated with tech and design companies. His interest in Ethereum stems from emerging creative applications that allow artists control of their work through blockchain technology.

ETHNews is committed to its Editorial Policy

Like what you read? Follow us on Twitter @ETHNews_ to receive the latest bug bounty, HackerOne or other Ethereum ecosystem news.