The security race in the cryptocurrency world is reaching new heights with Atomic Wallet. The developer of the popular wallet app recently announced the launch of a $1 million bounty, a bold move aimed at bolstering the security of its software in the face of an ongoing lawsuit linked to a $100 million hack last June.
An invitation to security experts around the world
According to the announcement, the development team is inviting ethical hackers and security experts from around the world to discover software bugs and security holes in the wallet’s open source code. White hat hackers who identify the most serious type of vulnerability and report it to the team will receive a $100,000 reward. This category of vulnerability is defined as any flaw that enables « a wallet to be attacked/drilled without physical access, installed malware, or social engineering, indicating an actual attack via the Internet and a flaw in our code or dependencies », the announcement states.
If a hacker reports bugs or vulnerabilities that do not meet this definition, they will receive between $500 and $10,000, depending on the severity of the vulnerability. For example, the post indicates that hackers will receive $5,000 for the discovery of a « high-risk » vulnerability and $10,000 for a « critical » vulnerability. The total prize pool for all discoveries is set at 1 million dollars.
Commitment to future wallet security
Konstantin Gladych, founder of Atomic Wallet, says the bug bounty programme will help ensure the security of the wallet in the future. He says: « Recent events in the blockchain industry remind us once again that cybersecurity is a dynamic field, and the best way to stay ahead is to harness the creativity and expertise of the global community. We are confident and eager to see how this programme will contribute to our mission of delivering a secure and seamless user experience. »
In June, blockchain analytics platform Elliptic reported the theft of more than $100 million in cryptocurrency from Atomic Wallet users following a cybersecurity attack. In August, a report indicated that victims of the attack were filing a class action lawsuit against Atomic Wallet, claiming damages for the incident. The developer has sought to dismiss a similar action brought in the US state of Colorado, claiming it « has no connection » with the US.
Atomic Wallet acknowledges that some users have reported the loss of funds following a cybersecurity attack. According to the company, the attacks only affected 0.1% of users and could have been caused by « a virus on users’ devices, an infrastructure breach, a man-in-the-middle attack or a malicious code injection. »
