According to an announcement made on December 18, the developer of Atomic Wallet has initiated a bug bounty of $1 million to discover security vulnerabilities in its software wallet.
The launch coincides with a class action litigation currently ongoing against the developer in connection with a $100 million hack in June.
As per the announcement, the development team is soliciting ethical hackers and security experts from around the globe to identify vulnerabilities and security breaches in its open-source code that may affect software.
The team will award $100,000 to white hat hackers who discover and report the most severe vulnerability. The announcement specifies that this category of exposure encompasses any situation in which “it is possible to attack or deplete a wallet without requiring physical access, installed malware, or social engineering,” which “indicates an authentic over-the-internet attack and a defect in our code or dependencies.”
If a hacker discloses vulnerabilities or defects that fail to meet this criterion, they shall receive compensation ranging from $500 to $10,000, contingent upon the gravity of the breach.
An instance of this is when the post specifies that hackers shall receive compensation of $5,000 for uncovering a “high-risk” vulnerability and $10,000 for a “critical-risk” one. The bounty fund for all discoveries amounts to a cumulative sum of $1 million.
Konstantin Gladych, the proprietor of Atomic Wallet, asserted that the bug bounty program would contribute to the wallet’s future security by saying:
“Recent events in the blockchain industry have once again reminded us that cybersecurity is a dynamic field, and the best way to stay ahead is by harnessing the creativity and expertise of the global community. We are confident and eager to see how this program will contribute to our mission of providing a secure and seamless user experience.”
Elliptic, a blockchain analytics platform, disclosed in June that a cybersecurity breach compromised Atomic Wallet cryptocurrency users worth more than $100 million.
August reports stated that victims of the assault are filing a class action lawsuit against Atomic Wallet in an effort to recover damages resulting from the incident. To have a comparable litigation filed in the U.S. state of Colorado dismissed, the developer has asserted that the case “has no ties” to the United States.
Atomic Wallet has confirmed that a cybersecurity breach has resulted in the loss of funds by some users. The incidents potentially originated from “a malware code injection, an infrastructure breach, a virus on user devices, or a man-in-the-middle attack,” the company reports, indicating that they only impacted 0.1% of users.
