An Interview with Simon Kruse, Bounty hunter and developer

Bounty0x recently interviewed Simon Kruse regarding Bounty Hunting, Cryptocurrency, ICO’s, and various cryptocurrency related matters.

Today’s spotlight article features Simon Kruse, the high earning bounty hunter on the Bounty0x platform. Simon has used his programming skills to find critical bugs and claimed multiple bounties.

If you are reading this, and think you’re skilled enough to find bugs, and earn ether you can register today on the Bounty0x platform as a bounty hunter in order to begin claiming rewards.

Please tell us a little bit about your background? How did you get involved in the crypto space?

The first time I heard about the Blockchain was in Bitcoin 2013. But at that time I thought that the Bitcoin would never prevail. As time has shown, my assumption has been wrong. My active entry into the crypto scene started about a year ago. I have spent a lot of time in forums and tried to learn as much as possible about the cryptocurrencies and their technology. I used all this knowledge to start day trading. Unfortunately, I have never realised this in my own project due to a lack of ideas. But now I have been actively involved in the Gimli project for 1 1/2 months as a community manager. We are building a decentralized real-time live games betting platform using the blockchain.

How did you hear about Bounty0x

I first heard about Bounty0x from a friend. He has pointed me to an interesting platform where you can participate in bounty campaigns. That’s how I became aware of this project.

As a bounty hunter, what types of bounties do you prefer to complete?

I prefer to participate in bug bounty campaigns because they offer a great variety. Each system is structured differently and each software has different vulnerabilities. And to think yourself into one of these systems is a lot of fun. But I also take part in other bounty campaigns from time to time.

What are some ideas you have for bounty types and campaigns that do not exist at the moment but which you would like to see offered?

What I would like to see are advisory campaigns. By this I mean for example that there are campaigns where companies are looking for a technical implementation consultation and all this with the help of the Bounty0x platform. Or for example design bounties would be a cool idea :)

Have you ever participated in any bounty campaigns before?

Yes, I have taken part in a few bounty campaigns before, but they often had problems with the organisation when it came to checking which ones were valid. In addition, there was also the problem that some campaigns had problems in calculating and sending the rewards.

What is your skill set?

I have been working in software development for almost 10 years now. It used to be just a hobby for me, but I soon realized that it had to become my profession. For some years now I have been working full-time as a software developer. Over the years I have learned different programming languages, each of which has its own strengths and weaknesses. This gave me a great overview of how a software is structured and which weak points are present or how to use them.

What excites you most about the crypto space right now?

What I love about the crypto space is the wide range of applications it offers. We can easily create decentralized solutions and this solve many of the problems of current centralized solutions. The best example from my point of view is an exchange. With a centralized solution we have to trust that the exchange will handle everything correctly, such as the payment, the trade, the storage of our money and the withdrawal. All this can be solved by smart contracts and we can trust the blockchain, which handles everything transparently.

When you are attempting to claim a bug bounty, let’s say a software bug bounty, or feature improvements, can you tell us your workflow?

I think that’s a very good question. First of all I try to collect information. How for example which web server is used and in which version. Whether the web page directly retrieves the data or via e. g. an api. Let’s say the website uses an api then I try to collect information about it first. Most of the information is obtained by looking at the source code of the website or by looking at which connections your browser creates. As soon as I have found out which endpoints the api allows, I will analyze which data this endpoint expects. For example, if a user edits his profile, there must be an identifier somewhere in the data that identifies the user. Now I try to change this identifier to a random value. Sometimes that is enough for you to assign the data to another user. If this doesn’t work, I try to find a security hole by changing the data. If I should try after some of the opinion that I do not find a security hole here I will try with the next endpoint of the api.

What do you see the future of bounty campaigns looking like?

I see the future of bounty campaigns in the fact that many more companies are starting such campaigns. This does not have to be limited to finding errors in a website. Infrastructures could also be checked for weaknesses. In the current time you can see that more and more companies are starting bug bounty campaigns. This has the big advantage of having a lot more people working on identifying problems and providing solutions where necessary. Therefore, I think that Bounty0x is a great solution to manage such campaigns and will become a big platform in the future.

Where do you see the crypto space heading in the next few years?

I think that in the next few years more and more companies will be moving away from a centralized structure to a decentralized one. This will play a major role in the financial sector in the coming years. I’m talking about simple wire transfers, buying anywhere in the world and all that in seconds with minimal transaction fees. But the whole thing cannot be limited to the financial sector alone. I see the blockchain technology as a big advantage compared to established solutions, that everybody in the world can be a part of this network. This means that everyone can contribute to the validation, storage and processing of data. This is not limited by companies or countries as everyone in the world can continue to build up the various networks by providing a node to drive the expansion. Therefore everybody who is interested in software and technics should get involved with the blockchain.

Thanks Simon! Glad that you are a part of the Bounty0x community. Best of luck in the future.

Learn more about the startup Simon is a part of called Gimli here.

Learn More

For more information about Bounty0x:

Check out our white paper

Join us on Telegram

Subscribe for email updates

Follow us on Twitter

Subscribe to our subreddit