Responsible vulnerability disclosure in cryptocurrencies

Rainer Böhme, Lisa Eckey, Tyler Moore, Neha Narula, Tim Ruffing, Aviv Zohar

Research output: Contribution to journalReview articlepeer-review

11 Scopus citations


Despite the focus on operating in adversarial environments, cryptocurrencies have suffered several security and privacy problems. In this article, researchers focus on the disclosure process itself, which presents unique challenges compared to other software projects. They examine some recent disclosures and discuss difficulties that have arisen. Cryptocurrency software is complex and vulnerabilities can be readily, and anonymously, monetized. Responsible vulnerability disclosure in cryptocurrencies is challenging as decentralized systems, by design, give no single party authority to push code updates. This review of case studies informs recommendations for preventing catastrophic cryptocurrency failures. Design decisions such as which protocol to implement or how to fix a vulnerability, must get support from most stakeholders to take effect.

Original languageAmerican English
Pages (from-to)62-71
Number of pages10
JournalCommunications of the ACM
Issue number10
StatePublished - 23 Sep 2020

Bibliographical note

Funding Information:
This work is partially funded by: Ar chimedes Privatstiftung, Innsbruck, U.S. National Science Foundation Award No.~ 1714291, ISF grant 1504/17, HUJI Cyber Security Research Center Grant, DFG grants FA 1320/1-1 (Emmy Noether Program) and SFB 1119— 236615297 (Crossing), and BMBF grant 16KIS0902 (iBlockchain).


Dive into the research topics of 'Responsible vulnerability disclosure in cryptocurrencies'. Together they form a unique fingerprint.

Cite this