Posts

Showing posts with the label security vulnerabilities

Circle and Tether bug bounties aren’t enough says LlamaRisk

Multi-billion dollar stablecoin giants Circle and Tether are being grilled by a DeFi risk management firm over their allegedly “inadequate” bug bounty programs that fail to exceed $10,000. LlamaRisk published the report on September 1, which assessed the bug bounty programs for crypto assets listed on Aave’s V3 Protocol. It found that 33 assets, making up $19.7 billion of Aave’s supply, have “adequate” bug bounty programs. Ten assets representing $19.2 billion of Aave’s supply, however, either have no program or are “vastly insufficient.” LlamaRisk says Circle, despite managing $70 billion in assets, has a “vastly insufficient” bug bounty of $5,000. Tether, which manages $160 billion, only offers a bug bounty of $10,000. Other assets with low bug bounties include BitGo wrapped bitcoin, Gnosis, and Ripple, while Etherfi, Monerium, PayPal, and Agora are flagged as having no active bug bounty program at all. Read more: Hacker could’ve printed unlimited ‘E...

In-depth Analysis of the $1.5 Billion Theft Incident at Bybit: Identifying Security Blind Spots in Multi-signature Wallets and Upgrading Industry Defense Mechanisms

This discussion started with the $1.5 billion theft incident at Bybit, mainly exploring the security vulnerabilities of multi-signature wallets (like Safe) and their solutions. DiscussFish pointed out that there are weak points in the infrastructure that multi-signature wallets rely on, such as the front end, hardware, and browsers. In particular, front-end tampering and blind signing cause a mismatch between transaction intentions and actual operations, making them easy for attackers to exploit. To address this, he proposed temporary measures like domain whitelists and transaction-parsing plugins, and advocated for an end-to-end closed-loop risk control system that combines AI and third-party verification to boost security. DiscussFish also shared, for the first time, his experience of being phished for 12,000 ETH last year, highlighting the risks of blind signing with hardware wallets. He called on the industry to adopt a hierarchical and decentralized structure, a zero-trust architecture, and s...