The third most popular dark net market, Hansa, has recently announced a bug bounty program which offers rewards of up to ten bitcoins for each vulnerability found in its marketplace.
Also read: FBI Releases ‘Primer’ Successfully Infiltrating Darknets
Bug Bounty Program
Hansa Market’s bug bounty program offers rewards of up to ten bitcoins (worth over $10,200 at press time) for each security hole or other problem found. Open to anyone, users can anonymously submit bugs found on the site and get paid when they are
There are three levels of vulnerabilities that Hansa Market is considering. Those that could “severely disrupt” the integrity of user or vendor information reel in the biggest reward of ten bitcoins per bug found. Noncritical vulnerabilities that could only take the marketplace down temporarily earn their finders a one bitcoin bounty.
In addition, for “simple display bugs or unintended behavior” which are non-critical but could lessen the user experience, Hansa Market offers 0.05 bitcoin, about $52 each at today’s price.
Each submitter has to “demonstrate a security compromise on our market using a reproducible exploit” in order to win a bounty, then enter a customer support ticket detailing it. At press time, two developers have publicly announced on Hansa Market’s Reddit page that they have submitted bug findings to the marketplace.
Recent Bugs Highlight Security Risks
As darknet markets grow in popularity, marketplace security vulnerabilities are being increasingly exploited. Last month, for example, two bugs were exposed on Alphabay, the largest darknet market with the most products and users.
One bug exposed over 218,000 personal messages sent between their users within the previous 30 days, while the other 
allowed the hacker to obtain a list of all usernames and their respective user IDs. “The attacker was paid for his findings, and agreed to tell us the methods used to extract such information,” said Alphabay admins, and the company immediately fixed the bugs.
Shortly after, the same hacker a bug in Hansa Market which allowed him to compile a list of the market’s usernames.
Third Most Popular, Highly Rated Market
Launched in July 2015, Hansa Market is the third-most popular dark net market, according to cyber risk intelligence company SurfWatch Labs. At press time, there are 32,895 products and services showing in the marketplace.
According to Deepdotweb, Hansa Market has the fourth largest selection of goods and the fourth most reviews among ranked dark web markets. It has 98 ratings with 4.3 stars, which is a higher rating than other sites ranked, including Alphabay and Dream Market.
Hansa Market takes a 3% commission on all sales and requires a 0.3 bond for vendors. The marketplace reportedly facilitated over $3 million worth of sales between September 2015 and December 2016.
Using Bitcoin to Minimize Scams
One of Hansa Market’s methods to minimizing scams includes using multisignature addresses. Previously, most dark web markets used only a standard Bitcoin address for their escrow account. After customers deposited money into it, the site administrator 
would wait to hear from both parties before releasing the funds. While sounding good in theory, this arrangement allows the marketplace’s administrator to perform an ‘exit scam’, which is when they disappear with all of the money in the site’s many escrow accounts, never to be heard from again. Unfortunately, this has been a common occurrence in darknet markets.
Hansa Market uses 2-of-3 multisignature wallets, so that the customer, the vendor, and Hansa admins all receive a Bitcoin private key for each sale. The money is released to the vendor, or sent back to the buyer, only when two of the three keys are used to move the money.
According to its website, the marketplace’s primary focus is to minimize scam opportunities for vendors and market admins alike, adding that:
After recent exit scams of various marketplaces (e.g. Evolution, Blackbank, Nucleus) we wanted to create a market where it is impossible for either admins or vendors to run away with your funds.
What do you think Hansa Market’s bug bounty program? Let us know in the comments section below.
