‘Provenance hashes’ and bug bounties are supposed to protect platforms. Why do so many flaws in crypto and open-source projects fester for years?
Don’t get TechScape delivered to your inbox? Sign up here
In February, Twitter user Brodan, an engineer at Giphy, noticed something odd about Bored Ape Yatch Club (BAYC), the premiere ape-based non-fungible token collection. A record intended to cryptographically prove the trustworthiness of the bored apes contained 31 identical entries, a situation that was supposed to be impossible. “There’s something super-suspicious about some of your apes,” Brodan wrote.
Six months later, when the newsletter Garbage Day brought it to wider attention, Brodan’s query still hadn’t been answered. The situation is all too common in the crypto industry and the wider open-source community, and raises the question of whether there’s something fundamentally wrong with the idea that a crowd of amateurs can effectively hold large projects to account.
Continue reading…Leer másCybercrime | The Guardian
