Cyber security experts spent a month studying blockchain platforms. They detected at least 40 vulnerabilities.

Blockchain with bugs

White hat hackers studied 13 blockchain-related platforms over a period of 30 days, from 13 February to 13 March. The platforms analyzed included Coinbase, EOS developer, Tezos, Brave, and Monero. The white hats found 43 vulnerabilities in the selected platforms, but none of them were critical.

The greatest number of bugs was found in the gambling blockchain platform Esports Unikrn, which also has its own cryptocurrency called Unikoin Gold. Experts found 12 vulnerabilities in the code of this platform. The OmiseGo blockchain is in second place with 6 bugs detected, while EOS is in third place with 5 vulnerabilities found.

Four errors were detected in the Tendermint blockchain protocol, while Monero, ICON and MyEtherWallet reportedly account for 2 vulnerabilities. Experts found only one non-critical bug in Coinbase, making the cryptocurrency exchange and wallet the leader of this rating.

The white hat hackers sent the results of their research to the developers of the corresponding blockchain platforms.


Vulnerabilities affect not only the blockchain platforms themselves but also the applications created in their ecosystems. According to the research company PeckShield, applications created on the EOS blockchain suffer from a wide range of vulnerabilities. Fraudsters managed to steal around 400,000 EOS worth almost $800,000. As of 26 November 2018, 27 hacker attacks had been performed on decentralized applications in the EOS ecosystem.

For example, in September, users of the Newdex decentralized exchange lost $58,000 when they bought fake EOS tokens. Fraudsters created an EOS account and used it to launch tokens on the real EOS blockchain, giving them the same name, EOS. After that, they transferred the new tokens to the Newdex trading platform and exchanged them for BLACK, IQ and ADD tokens. These tokens were subsequently exchanged for real EOS tokens and partially withdrawn.
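
The Newdex incident above turned on a token being recognized by its name alone. The following is an added example, not code from Newdex, PeckShield or the original article, contrasting a symbol-only deposit check with one that also pins the issuing contract. It assumes the genuine EOS token is issued by the eosio.token contract with 4 decimal places; the account names and action records are constructed.

```python
from decimal import Decimal

# Assumption: the genuine EOS token is issued by the system contract
# account "eosio.token" with 4 decimal places of precision.
TRUSTED_ASSETS = {("eosio.token", "EOS"): 4}


def parse_quantity(quantity):
    """Split an asset string such as '12.0000 EOS' into (amount, symbol, precision)."""
    amount_text, symbol = quantity.split(" ")
    precision = len(amount_text.split(".")[1]) if "." in amount_text else 0
    return Decimal(amount_text), symbol, precision


def credit_by_symbol_only(action):
    """Weak check: trusts the symbol string, which any issuing account can reuse."""
    amount, symbol, _ = parse_quantity(action["data"]["quantity"])
    return amount if symbol == "EOS" else None


def credit_by_contract_and_symbol(action, deposit_account):
    """Hardened check: a token is identified by its issuing contract plus symbol."""
    if action["name"] != "transfer":
        return None
    if action["data"]["to"] != deposit_account:
        return None
    amount, symbol, precision = parse_quantity(action["data"]["quantity"])
    expected = TRUSTED_ASSETS.get((action["account"], symbol))
    if expected is None or expected != precision or amount <= 0:
        return None
    return amount


# Constructed sample records, shaped like transfer actions read from chain history.
GENUINE = {"account": "eosio.token", "name": "transfer",
           "data": {"from": "alice", "to": "exchange",
                    "quantity": "10.0000 EOS", "memo": ""}}
LOOKALIKE = {"account": "fakeissuer11", "name": "transfer",
             "data": {"from": "mallory", "to": "exchange",
                      "quantity": "10.0000 EOS", "memo": ""}}

if __name__ == "__main__":
    for label, action in (("genuine", GENUINE), ("lookalike", LOOKALIKE)):
        print(label, credit_by_symbol_only(action),
              credit_by_contract_and_symbol(action, "exchange"))
```

The symbol-only check credits both records, while the contract-pinned check credits only the transfer whose action was emitted by the trusted issuing contract.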