Finance

A hacker made $120,000 hunting for bugs in the ‘flawed’ software of a cryptocurrency startup that raised a record-breaking $4 billion ICO


Last week, Guido Vranken made $120,000 from his laptop while sitting in his living room.

Vranken has spent the past few days combing through the source code of Eos, the software created by the blockchain company Block.one.

Eos’s developers have taken an unorthodox approach to their software which has caused some delays in the final product’s debut, which will be a blockchain. Block.one is allowing developers outside of the company to create and test out different versions of the technology, and the group that launches its software first will go on to represent the prevailing Eos blockchain.

While delays from this unusual rollout process were largely anticipated, numerous flaws in Eos’s software have also been exposed, and that’s how Vranken managed to make $120,000 in a matter of days.

Advertisement

Despite taking in a staggering $4 billion since the company first embarked on its fundraising efforts last year, Block.one hasn’t yet revealed what it plans to do with the majority of the money, although it’s pledged to invest at least $1 billion into EOS-based startups.

In the brief history of token offerings, Eos’s raise has ballooned to an all time record-high. The company, which is backed by veteran blockchain project founder Dan Larimer, has promised to deliver a powerful system for decentralized apps that might someday dethrone the highly successful blockchain project ethereum. Its launch has been described by its proponents as “a new dawn” and “the beginning of a new age.”

During the week following its launch, the Cayman Islands-based company deployed a small portion of its billions to Vranken, an ethical hacker. Vranken said he approached the company’s chief technology officer, Dan Larimer, after independently discovering flaws in its software.

In the short time he’s spent working on Eos’s technology, Vranken said that he’s discovered 12 bugs. In a deal made with Larimer, Vranken said the company agreed to pay him $10,000 for each bug he finds. (“You are really raking it in,” Vranken said Larimer told him when he re-negotiated the deal for a higher amount.)

Vranken described the security flaws he discovered in Eos as “very bad.”

Netherlands-based hacker Guido Vranken said he made $120,000 in one week from exposing flaws in Eos’s technology.
Guido Vranken

“You could crash a network,” Vranken said on a phone call from his home in the Netherlands. “I’m not sure about the entire Eos network, but you could incur some serious damage.”

Vranken said the flaws he discovered within Eos could have posed a “PR disaster.”

“It would have been good if they started this bug bounty program a lot earlier,” said Vranken. “Now, it seems a bit late.”

While Vranken said that it’s not unusual for projects of Eos’s complexity to have issues early on, he said that both the number of bugs he found and the degree of their severity was troubling.

Vranken has worked on the source code for other blockchain projects in the past. Ethereum, Ripple, and Stellar have all paid Vranken for his work exposing vulnerabilities in their software, he said. Of these projects, Vranken said that Eos has had the largest number of bugs. For instance, since he began working on ethereum’s source code in September, Vranken said that he’s discovered only two bugs in the company’s technology.

Representatives from Block.one, who did not respond to Business Insider’s request for comment, seemed surprised to hear the number of bugs Vranken had discovered, he said. Vranken said that he’s happy with the working partnership he’s made with Eos thus far.

Advertisement

“Good payouts, and they appreciate my effort,” he said. “They told me, ‘Find as many bugs as you can.'”

Vranken said that he believes that searching for bugs in the source code of cryptocurrencies could soon become a burgeoning business for both himself and other hackers.

“I hope that more cryptocurrencies will begin offering bug bounties,” he said. “It will always be in their best interest.”

As for the money he’s made off of Eos this week, Vranken said, “I think I will buy a house.”

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Popular

To Top