Tidex, one of the leading platforms for cryptocurrency exchange, has launched its new bug bounty program. To increase its security, the service operated by Elite Way Development LLP is now offering up to $10,000 for detecting critical system vulnerabilities.
How much can white hat hackers earn with Tidex?
Tidex has categorized potential vulnerabilities in its system according to the severity of their impact on the performance. Each category has a specified range of rewards waiting for successful coders.
The smallest prizes are earmarked for the vulnerabilities of the lowest significance. Their amount is between $50 and $500. The weak points classified as “medium” can bring ethical hackers up to $2,000 if detected.
System vulnerabilities defined by Tidex as “high” can bring a reward of even $5,000, whereas the service is ready to pay up to $10,000 for revealing high-risk weak points.
Read also: Crypto security 101
Catching bugs for Tidex
According to HackenProof, a leading bug bounty platform specializing in Web3 security, Tidex requires help for identifying critical vulnerabilities that can lead to request forgery (SSRF and CSRF), database injection attacks, cross-site scripting (XSS) attacks, data breaches, access control and payment manipulation among others.
Although the scope of issues included in the bug bounty program is pre-defined, the detection of any other critical problems can still be rewarded.
Read also: Why are cross-chain bridges such a weak spot in blockchain security?
Web3 seeking defense from hackers
Tidex is just one of the examples of cooperation between white hats and Web3-based services. The rapidly growing popularity of cryptocurrencies has created new possibilities for cybersecurity devotees to practice their hacking skills legally and get paid for it.
Actually, the rewards offered by Tidex are pretty modest compared to other bounties. For example, the current reward for discovering critical weak points of the Wormhole cross-chain messaging protocol used for communication between different blockchains reaches $10,000,000.
Do white hat hackers wear white hats?
Ethical hackers who use their cybersecurity knowledge to help companies identify vulnerabilities are traditionally called white hats. Yet, recently, the term has been frequently used to refer to another group of tech savvies who have nothing to do with ethical hacking. Even though the so-called rewards these individuals gain from tech companies are also commonly known as bug bounties, in reality, they are ransom payments.
Misleadingly called white hats are hackers who are willing to negotiate the return of the stolen funds. As you may guess, they give the money back only if they are allowed to keep a certain amount out of their booty without legal consequences. That is how the Crema Finance liquidity network agreed to leave the thieves with $1.68 million for the return of $8.8 million in July 2022.
Obviously, using the white hat term for cybersecurity defenders and those who abuse system vulnerabilities is heavily criticized by Web3 adepts. However, incentivizing real ethical hackers to detect any weak points before they are discovered by anyone who has no right to wear a white hat can be a solution to avoid many attacks.