Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Darknet Marketplace Hansa Launches Bug Bounty Program

The darknet marketplace Hansa announced last week the launch of a bug bounty program with rewards of up to 10 bitcoins, currently worth more than $10,000.

The darknet marketplace Hansa announced last week the launch of a bug bounty program with rewards of up to 10 bitcoins, currently worth more than $10,000.

Hansa allows users to buy and sell various types of items, including drugs, fraud-related services, jewelry, counterfeit products, electronics, and IT services. The marketplace is designed to minimize the risk of scams operated by vendors and Hansa administrators, and claims to guarantee that users will not lose their funds in case of a hack or law enforcement operation.

In an effort to minimize the chances of the website getting hacked, Hansa’s owners have decided to launch a bug bounty program. The highest rewards, up to 10 bitcoins, will be paid out for vulnerabilities that could “severely disrupt Hansa’s integrity,” such as flaws that expose IP addresses or user information.

Hansa has promised 1 bitcoin, worth roughly $1,000, for bugs and vulnerabilities that are not critical. Users can also earn 0.05 bitcoins ($50) for reporting simple display bugs or unintended behavior.

“To be eligible, you must demonstrate a security compromise on our market using a reproducible exploit. Should you encounter a bug please open a ticket and inform us about your findings,” Hansa administrators wrote in a Reddit post announcing the bug bounty program.

Users who submit vulnerability or bug reports must not make their findings public before the issue has been fixed, and they must refrain from conducting any tests that could have a negative impact on the website or its users. Hansa has advised users to provide detailed proof-of-concepts (PoCs) to increase their chances of receiving a reward.

Hansa has promised to respond to vulnerability and bug reports as quickly as it can, and provide updates while it works to address the problem.

In the Reddit post announcing the launch of the bug bounty program, two users said they had already submitted reports describing vulnerabilities that could have serious consequences if exploited.

Advertisement. Scroll to continue reading.

Last month, someone reported finding a vulnerability that exposed the private messages exchanged by users of the popular darknet marketplace AlphaBay. The individual who discovered the security hole claimed to have created a bot that collected more than 200,000 private messages.

The same individual also said he had identified a flaw in the Hansa marketplace, which allegedly allowed him to obtain 240,000 Hansa usernames.

Related Reading: Historical Perspective on Dark Web Sale of 10 Million Health Records

Related Reading: Behind the Buzz – What Intel Can You Gather from Dark Web Markets?

Related Reading: Top Reasons to Pay Attention to the Dark Web

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...