Bug bounty programs invite white hat hackers to test products for vulnerabilities in exchange for monetary rewards. HackenProof facilitates bug bounty programs by connecting clients, hackers, and managing the process. Compared to penetration testing, bug bounty programs involve more testers over longer periods of time with varying skills, and compensation is based on bugs found rather than process. There are public, private, and onsite event-based bug bounty program types. Challenges for blockchain include coverage, supply/demand imbalance, persistence, and rapid development. Existing blockchain programs range from $100-25,000 with Ethereum having the most activity so far. The document provides contact information to launch a bug bounty program.

1. Bug Bounty for Blockchain Projects
Evgenia Broshevan,
Project Lead at HackenProof

2. What is a Bug Bounty program?
Bug bounty program is a process where organizations invite white hat hackers to
test their products for vulnerabilities (bugs) in exchange for monetary rewards
(bounties).

3. What is HackenProof?
Client that wants to test
Security of their systems
HackenProof provides
seamless communication
between hackers
and the client
Highly skilled white hat
hackers from all
over the world

4. Penetration Testing VS Bug Bounty
Bug Bounty Advantages
Limited in number of researchers
Limited in time
Limited in skill
Compensation based on process
Hundreds of researchers
Months or years of testing
Various background
Compensation based on bugs

5. Bug Bounty Program Types
● Public Programs
Everyone on the platform can participate. Great for large and mature products.
● Private programs
The client hand-picks a number of proven researchers with relevant background that are relevant
to the client. The program is completely anonymous. Great for pre-release and early products.
● Onsite Bug Bounty Events
A carefully selected group of 20-30 top hackers gathers in a single location to work on testing
the client’s product non-stop in marathon conditions for 1-3 days. Great for bringing attention
to your product, achieving quick results, and educating your security team.

6. Challenges in Blockchain Industry
● Insufficient detection coverage
● High demand and lack of supply
● Persistence
● Rapid and complex development lifecycle

7. State of the industry
Blockchain BB: https://hackenproof.com/public-bug-bounty-list

8. Bug Bounty in Blockchain
Company Launch Date Bounties Paid Bounty Range Hackers
Ethereum 2015 167200 500 - 25,000 26
Stellar 2017 N/A 500 - 25,000 19
Dash 2017 N/A 100 - 10,000 8
Monero 2017 N/A N/A 18
RSK April, 2018 23250 1,000 - 10,000 5
EOS May, 2018 514500 100 - 10,000 50
Vechain May, 2018 1500 500 - 10,000 8
Tron June, 2018 65700 100 - 10,000 13
Tezos June, 2018 0 N/A 0
Augur June, 2018 21450 1,000 - 200,000 7
PIVX July, 2018 150 200 - 5,000 3
Everitoken September, 2018 2500 500 - 5,000 1
TTC September, 2018 1500 600 - 5,000 2

9. How to launch a Bug Bounty Program?

10. EVGENIA BROSHEVAN
Project Lead at HackenProof
Email: e.broshevan@hacken.io
Twitter: @jerh17