Bithumb Global Users Can Benefit Through Bug Bounty Program and DeFi Functions
The difference between how secure and vulnerable your crypto investment is could be one bug away. Notwithstanding the significant investments that trading platforms undertake to fortify themselves, bugs could still prove to be their Achilles heel. As a deterrent, many seek the hacker community’s expertise to identify potential threats to their systems. They exploit this expertise through their bug bounty programs. Bithumb Global (BG) has one such plan, and this article examines it in depth.
What is Bithumb Global?
Bithumb Global is a South Korean cryptocurrency exchange that is part of the Bithumb family. It positions itself as the gateway to global crypto transactions. It is rich in features making it the ideal platform to trade in. Its salient features include:
Diverse Market
Bithumb offers transactions in a wide variety of cryptos. Additionally, it has the following boards making up its market, diversifying the offerings its users can enjoy:
The Main Market – It comprises mature and well-tested coins. Consequently, it is a low-risk market.
GEM – A board consisting of newly launched coins requiring more testing. As such, there is an element of risk attendant to their trading.
DeFi – It's a decentralized finance board. Again, since most of the coins require testing, this board is risky too.
ETF – This is the smart token board. The yield rate, similar to the traditional ETFs in finance, is pegged to an asset.
Pow Coin – This board consists of audited projects with no pre-pow mechanisms.
Ability to Purchase Crypto In local Currency
Bithumb Global accepts various payment methods. These include Visa, Mastercard, M-Pesa, PayPal, Google Pay, Skrill, and many others.
Block deal
The users of Bithumb Global have the added advantage of enjoying joint liquidity resulting from the collaboration of Bithumb, Bithumb Singapore, and Bithumb Global and their global partners.
Spot Trading
Bithumb Global incorporates a 24-hour, 365-day bid and ask market. Settlements on the spot market are instantaneous.
Margin Trading
The users of Bithumb Global can use funds borrowed from the exchange to fund their trades/investments.
Bithumb Global Learning
BG provides a platform for educating its users about its products. It adopts a Q&A format to increase user knowledge while rewarding them with tokens.
BG Mining
BG mining is a stage for users to mine different coins. BG undertakes to source high-quality mining projects for its users.
BG Staking
BG allows its users to hold cryptos for rewards.
BG Staging
Users will get rewards for participating in projects debuting on its blockchain.
Bithumb Global Bug Bounty Program
Bithumb Global has a three-stage bug bounty program. Let us examine its workings.
The reporting stage
During this stage, the reporter records threat intelligence to SlowMist Zone under “Submit bug Bounty.”
Processing Stage
The SlowMist Security team will confirm the threat intelligence report within one day of receiving it. Additionally, it will follow up by evaluating the report and informing Bithumb Global about it. After that, the Bithumb Global technical team will deal with the problem within three working days. They will also communicate with the reporter when necessary to seek their assistance.
Repairing Stage
Bithumb Global business department will repair the problems identified and provide an update. The time frame for resolution varies with the severity and difficulty of fixing it. The expected time frame is 24 hours for critical and high-risk problems, three working days for medium-risk problems, and up to 7 days for low-risk problems. Further, the repair time frame depends on individual cases.
From there, the reporter reviews if the problem has been solved. They, too, provide an update.
After confirming the resolution of issues raised, Bithumb Global will inform the SlowMist Security team of the same and provide the vulnerability score. Together these teams will issue the reward.
4 Types of Vulnerabilities that Bithumb Addresses
The following are the four types of vulnerabilities that Bithumb Global addresses:
Critical Vulnerabilities
These are exposures that occur in the core business system. They cause severe impact, gain access to the business system control, the staff core system management, and even control the ecosystem. They include:
- multiple access in the internal network
- gain core backend super administrator access
- leak enterprise core data and cause severe impact
- smart contract overflow and conditional competition vulnerability
High-risk Vulnerabilities
Vulnerabilities in this category include:
- changing system access
- system SQL injection
- gain unauthorized access to sensitive information
- Arbitrary document reading
- XXE vulnerability
- unauthorized operations involving money
- logical design and process defects
- other vulnerabilities affecting users on a large scale
- leakage of source code
- permission control defects in the smart contract
Medium-risk Vulnerabilities
Medium-risk vulnerabilities are those that affect users through interaction.
- general unauthorized operations such as bypassing restrictions to modify user operations
- denial-of-service vulnerabilities
- exposures arising from the successful brute-forcing of sensitive operations
- leakage of locally-stored sensitive authentication key information
Low-risk Vulnerabilities
These are low-impact vulnerabilities. They include local denial-of-service vulnerabilities, problems arising from Android component permission exposure, general application access, etc.
Vulnerabilities not covered
The bounty program temporarily excludes the following vulnerabilities unless they cause serious business impact.
- third-party application vulnerabilities
- zero-day vulnerabilities
- low-version browsers/platforms/plug-ins affecting a user
- theoretical issues
- DNS-related issues
- server configuration problems
- account brute-forcing
- missing HTTP security headers
- OPTIONS/TRACE/HTTP method enabled
The Reward Program
In conjunction with SlowMist Zone, BG will offer vulnerability level rewards as follows:
Rules Governing the Program
Participants in the Bithumb bug bounty program must adhere to the following regulations.
- Refrain from the use of automatic scanners and other actions creating a large number of traffic requests
- Avoid possible impacts or restrictions
- All testers must use their accounts
- A tester shouldn't abuse DoS/DDoS vulnerabilities, social engineering attacks, spam, and phishing attacks.
- For vulnerabilities that can be exploited in combination, Bithumb will only pay for the highest-level vulnerability.
- Agree to non-disclosure of discovered vulnerabilities unless Bithumb Global permits that
Bithumb Global’s Support for DeFi
BG supports the DeFi sector. It augments Binance Smart Chain and its projects, thereby helping bring the DeFi experience to many the world over. Also, it accommodates debuting projects and enhances the DeFi experience through its derivatives trading and staking mechanism. Its airdrops, multi-channel and multi-regional features make it suited for the sector. Finally, it will partner with other global projects to develop the DeFi ecosystem.
Final Thoughts
Bugs do make a difference in how robust a platform is. It follows that a platform riddled with bugs is susceptible to attacks. The reverse is true too. For these reasons, many crypto projects invest a great deal in discovering and eliminating bugs within their systems.
Bug bounty programs are their go-to vehicles. The crypto market abounds with them, and Bithumb Global is offering itself as the platform of choice. Its rich features and integration of the DeFi function raise its structure above the competition. Its users can look forward to fulfilling experiences wherever they are in the world.