Atomic Wallet launches $1M bug bounty amid hacking allegations
According to a December 18 announcement, the developer of Atomic Wallet has launched a $1-million bug bounty for finding security flaws in the wallet's software. The launch comes amid an ongoing class action lawsuit against the developer over a $100-million hack in June.
According to the post, the development team is inviting ethical hackers and security experts worldwide to find software bugs and security flaws in open source code. White hat hackers who find the most serious type of vulnerability and report it to the team will receive $100,000. This type of vulnerability is defined as “being able to attack/leak the wallet without physical access, malware or social engineering, which would reveal an attack on the Internet and a flaw in our code or dependencies.” The announcement stated.
If a hacker reports bugs or flaws that don't meet this definition, they'll be fined between $500 and $10,000, depending on the severity of the vulnerability. For example, the Post notes that hackers are paid $5,000 for a “high-risk” vulnerability and $10,000 for a “critical-risk” one. The total amount of the prize pool for all discoveries is $1 million.
Related: Immunefi Launches On-Chain Bug Bonuses Via ‘Vaults' System
Atomic Wallet founder Konstantin Gladich said that the bug bounty program will help ensure the wallet's security in the future.
“Recent events in the blockchain industry have reminded us once again that cybersecurity is a dynamic field, and the best way to stay ahead is by leveraging the innovation and expertise of the global community. We are confident and excited to see how this program contributes to our mission to provide a secure and seamless user experience.”
In June, blockchain analytics platform Elliptic reported that more than $100 million worth of crypto was stolen from Atomic Pocket users due to a cyber security attack. A report in August revealed that victims of the attack are filing a class action lawsuit against Atomic Pockets for damages from the incident. The developer tried to dismiss a similar lawsuit brought against him by the US state of Colorado, saying he had “no connection” to the United States.
Atomic Wallet has acknowledged that some users have lost their funds due to a cyber security attack. According to the company, the attacks affected only 0.1% of users and could be the result of “a virus on user devices, an infrastructure breach, a man-in-the-middle attack or the injection of malware code.”
