Trusted

When News Outlets and Security Researchers Collide

3 mins
Updated by Martin Robaldo
Join our Trading Community on Telegram
According to now-deleted Tweets, the founder and CEO of CoinMall Yousef Abdulhassan was recently accused of attempting to shakedown The Block, a prominent cryptocurrency research and analysis outlet.
The dispute highlights the murky world of penetration testing, bug bounties, and vulnerability disclosures. After all, what happens when a company refuses to pay a fair (or unfair) price for a flaw that could have had disastrous consequences? Extortion

White Knight or Extortionist?

In the Tweets fired out by The Block founder Mike Dudas, it was reported that Abdulhassan had uncovered a security vulnerability in the back-end of The Block and would disclose the mechanisms behind the flaw in return for a reward. Despite deleting the original tweets, The Block has published a write-up of the events on its Medium channel. According to the report, a vulnerability in the way The Block‘s automation server operated led to the public exposure of security tokens which could have been used to gain administrative access to the platform. Following a standoffish back and forth between the two, Abdulhassan was offered $500 for the disclosure, to which Abdulhassan maintained that the amount was low compared to the $10,000 paid by a smaller platform upon the discovery of a similarly severe security vulnerability. In an apparent email between Abdulhassan and The Block, the CoinMall founder mentioned that publicly releasing the information could have a knock-on effect on premium subscriber counts — potentially affecting the revenue of the platform. In the report, the news outlet further alleges that Abdulhassan attempted to gain free advertising from The Block as a reward for the disclosure, before apparently requesting a minimum of $1,500 as a reward. After The Block refused these terms, the report states that Abdulhassan then announced his plan to inform the wider public about the security issue. Security Issue

Retaliation or Public Disclosure?

In response to the recent debacle, Abdulhassan promised to produce a full report detailing exactly how he gained access to the entire infrastructure of one of the largest blockchain news outlets. He also launched a poll, asking his Twitter followers how they would like to receive the public disclosure. According to Abdulhassan, the “public disclosure will showcase how technically incompetent they are, and their lackluster way of handling customer information.” This report has not yet been released at the time of writing.
“A slanderous attempt at trying to save face after their threatening lawyer letter did not scare me off, merely hours ago, in which I was told that “it would be wise to accept this and move on” (this referring to a $500 “reward”),” said Abdulhassan in a later tweet.
The move isn’t without its critics, however, drawing sarcastic comments from multiple people, many of which mocked the CoinMall CEO for apparently attempting to extort The Block. In a statement to BeInCrypto, Abdulhassan fired back with;
“Despite their allegations of a “shakedown” it was anything but that. My only motivation was to inform their site visitors and Genesis subscribers about the severity of the disclosure which could have jeopardized their info in the process.”
Recently, CoinMall made headlines after removing Zcash (ZEC) and Bitcoin Cash (BCH) from its platform, joining a growing list of cryptocurrency-enabled platforms in delisting the two controversial coins. What do you think of the situation between Abdulhassan and The Block, is $500 sufficient payment for the disclosure of a critical vulnerability? Let us know your thoughts in the comments below! Buy and trade cryptocurrencies with a 100x multiplier on our partner exchange, StormGain.
🎄Best crypto platforms in Europe | December 2024
eToro eToro Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
Coinbase Coinbase Explore
3Commas 3Commas Explore
🎄Best crypto platforms in Europe | December 2024
eToro eToro Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
Coinbase Coinbase Explore
3Commas 3Commas Explore
🎄Best crypto platforms in Europe | December 2024

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

Daniel_userpic_basic.jpg
Daniel Phillips
After obtaining a Masters degree in Regenerative Medicine, Daniel pivoted to the frontier field of blockchain technology, where he began to absorb anything and everything he could on the subject. Daniel has been bullish on Bitcoin since before it was cool, and continues to be so despite any evidence to the contrary. Nowadays, Daniel works in the blockchain space full time, as both a copywriter and blockchain marketer.
READ FULL BIO
Sponsored
Sponsored