Multi billion Dollar Stablecoin Giants Circle and Tether are grilled by a Defi-risk management company about their alleged “insufficient” BUG premium programs that do not exceed $ 10,000.
Llamarisisk published the report on 1 September that the Bug Bounty programs assessed for Crypto assets mentioned on the V3 protocol of Aave.
It discovered that 33 assets, which make up $ 19.7 billion in Aave’s offer, have “enough” Bug -Bounty programs. However, ten assets representing $ 19.2 billion in Aave’s offer have no program or are ‘enormously insufficient’.
Llamarisk says that, despite managing $ 70 billion in assets, Circle has a “very insufficient” bugbout of $ 5,000. Tether, who manages $ 160 billion, Only offers a bug -bounty of $ 10,000.
Other assets with low bug -pronene include bitgo -wrapped bitcoin, gnosis and wrinkle, while Etherfi, Monerium, PayPal and Agora do not have an active Bug Bounty program at all.
Read more: Hacker could have printed unlimited ‘ether’, but chose $ 2 million bug bounty instead
However, Llamarisisk notes that both circle and tether, also as Paywell, all work as “centralized, complete reserve spending”, with “robust” legal activities that would compensate for various security risks that Bouten Banks are used to tackle.
To have a bug -bounty attracted to attract competent security researchers, Llamarisisk considers a minimum premium of $ 50,000, which would scales based on the total value (TVL) in the game.
“For protocols with TVL above $ 250 million, a maximum payment of more than $ 1 million represents a sufficiently capitalized program,” Llamarisisk claims.
BUG PROPRONENE become “de facto industrial standards”
Bug-Pronene is offered to “White-Hat-Hackers” as a means to stimulate ethical hackers to discover software vulnerabilities. Coinbase, for example, has launched a BUG -Bounty program this year that aimed to secure its smart contracts, with rewards ranging from $ 5,000 for low risks up to $ 5 million for critical finds.
White Hoackers are asked to make a report on the hack, not to make it known to a third party and should not exploit it in a malignant way.
In some cases, however, a premium is offered to a ‘bad actor’ who steals funds from a company.
Indeed, last July the crypto Exchange GMX was hacked for $ 42 million. The exchange offered the hacker a premium of 10% and in the end the hacker started to return the money in exchange for $ 5 million.
Read more: Justin Sun defends HTX while it lends 92% of his USDT on Aave
Llamarisk, which is partially financed by the Aave Dao, says that Aave must participate in assets stated on his protocol and must encourage them to implement an industrial standard BUG Bounty program.
It notes that although legal frameworks in the US and the EU require robust security standards, Bug -Bounty programs are not required.
Looking at the future, but Llamarisk claims that BUG prosies “quickly become the facto-industrial standards that will probably receive regulatory control during license assessments or post-incident research.”
