Hansa Market, the single largest anonymous dark net market, adopts a bug bounty program to resolve their security issues. This program helps the big companies to fix the security flaws shared by a hacker. The hackers will get paid for finding and sharing the vulnerabilities. All the big companies are benefited from this bug bounty program and appreciating the hackers for their job by paying some amount rather than opposing them.
The dark net marketplace like Hansa rewards $10,000 (10 bitcoins) for those who find the security vulnerabilities on their server. They launched this program only after the AlphaBay administrator adopts it. You knew that Hansa market sells 15,000 unique products including hacked account credentials and illicit drugs, according to CyberScoop.
After the program launch on January 30, a hacker found two bugs on the Hansa market and reported to Deepweb-Sites: like a Captcha bypass that allows for spamming and phishing users and an exposed database that did not contain sensitive information. Then the Hansa offered 1 bitcoin (worth over $1,000) as a reward for finding the vulnerability.
See the Hansa Market bug reports,
Earlier, this bug bounty program was launched by AlphaBay market and found a high profile bugs on their server after the hacker reported to their team. This method helps the company to fix their vulnerabilities and technological flaws.
However, bug bounty program keeps growing and skyrocketed in popularity over the past years.
Sarah Jamie Lewis, a security researcher says that this bug bounty program will not sure help the dark net markets vulnerability issues unless they go deeper into their problem.
He stated that,
“The problems pervading onions [the nickname for websites accessed on the Tor network] are caused by bad assumptions at the software design level — the reliance on web technologies designed for an Internet without consideration for privacy. Bug bounties are only a patch, what we really need are new privacy-oriented software stacks, servers, blog platforms, etc.”
CyberScoop spokesperson says that ‘No bug bounty program can fix the actual problem on the dark net marketplace’.