In the midst of an ongoing class-action lawsuit stemming from a $100-million hack in June, the developer of Atomic Wallet has initiated a $1-million bug bounty program with the aim of identifying security flaws in its wallet software.
The development team, in an announcement on December 18, has extended an invitation to ethical hackers and security experts worldwide to examine the open-source code for potential vulnerabilities.
As part of the program, white hat hackers who uncover the most severe vulnerabilities—defined as those enabling over-the-internet attacks without physical access, installed malware, or social engineering—have the opportunity to earn $100,000. This initiative reflects a proactive approach to enhancing the security of the Atomic Wallet and addressing potential vulnerabilities.
The bug bounty program has been established with the primary goal of bolstering the security of the wallet and mitigating the potential risks associated with future cyber threats.
In addition to the substantial reward of $100,000 for the most severe vulnerabilities, the program offers compensation ranging from $500 to $10,000 for hackers who identify bugs or flaws that fall outside the criteria of the most critical vulnerabilities.
The rewards are tiered based on the severity of the vulnerability, with $5,000 allocated for a “high-risk” discovery and $10,000 for a “critical-risk” one.
The overall bounty pool for all discoveries within the program is set at $1 million, reflecting a commitment to incentivize the identification and remediation of security vulnerabilities across various levels of severity.
Harnessing the ‘expertise of the global community’
Konstantin Gladych, the founder of Atomic Wallet, has conveyed confidence in the bug bounty program’s capacity to leverage global expertise and creativity in enhancing cybersecurity. He emphasized the dynamic nature of cybersecurity within the blockchain industry and highlighted that the most effective strategy to stay ahead is by tapping into the creative and expert capabilities of the global community. The bug bounty program stands as a proactive measure to identify and address potential security vulnerabilities with the collaborative efforts of ethical hackers and security experts worldwide.
$100 million hacking incident
In June of this year, Atomic Wallet experienced a hacking incident amounting to $100 million. The security breach impacted around 5,500 users of the non-custodial cryptocurrency wallet and has been attributed to the North Korean Lazarus Group.
Subsequently, two months after the incident, victims initiated a class-action lawsuit against Atomic Wallet, seeking compensation. The claims are based on the company’s alleged failure to share accurate information about the incident with users and the purported failure to provide the same information to law enforcement.
Although Atomic Wallet has acknowledged reports of lost funds resulting from the cybersecurity attack, the company has maintained that only 0.1% of users were affected by it. The ongoing class-action lawsuit suggests ongoing legal repercussions related to the security breach.