Even the dark web needs some white hat hackers

Feb 6, 2017 16:22 GMT

The dark web is taking a page from the book of legit companies and is starting its own bug bounty program. Hansa Marketplace, a large black marketplace, has launched such a program offering rewards that go north of 10 bitcoins per critical vulnerability, which translates to over $10,000 depending on the BTC price of the day.

Hansa allegedly brought in $3 million in business in 2016, and with other marketplaces being taken down, it seems to be hoping to keep growing. Offering users an added sense of security may be just what Hansa needs to attract more people to its pages.

What Hansa offers isn’t much different from what other dark net markets offer. People can find plenty of illegal content here, such as hacked account credentials, drugs, and more.

With news spreading about bugs found on AlphaBay Market, the largest black market on the dark web, and also on Hansa Market, it’s not really a big surprise that a bug bounty program would be launched. After all, if the Pentagon can have one, as well as Google and Facebook, to name a few, why not a dark web marketplace?

Bug reports are already coming in

CyberScoop reports that one hacker already found two bugs on Hansa. One was a CAPTCHA bypass allowing folks to spam and phish users. Another was an exposed database that did not contain any sensitive information but was left unprotected nonetheless. The hacker was offered one Bitcoin as a reward for his findings, but the payoff was turned down.

Bug bounty programs are increasingly popular and have become a way to make a living for many white hat hackers who prefer to test programs for security issues and then report them to the parent companies. This way, they’re not taking part in any illegal activities, they make services safer for all people to use, and they get rich in the process. Well, not rich, since the bounty depends on the size of the bug, but they do get paid.

Hansa plans to pay 10 BTC to those discovering vulnerabilities that could severely disrupt the site’s integrity, 1 BTC for noncritical exploits and vulnerabilities, and 0.05 BTC for simple display bugs or unintended behavior.