Atomic Wallet, a cryptocurrency wallet developer, has announced a $1 million bug bounty program on December 18 to identify security vulnerabilities in its software. This initiative is launched against the backdrop of an ongoing class-action lawsuit related to a significant hack in June, where the company faced a $100 million cybersecurity breach.
The bug bounty program is an open call to ethical hackers and security experts worldwide, encouraging them to scrutinize Atomic Wallet's open-source code for potential flaws. The developers are offering a tiered reward system: a substantial $100,000 reward for those who uncover the most critical vulnerabilities. These severe vulnerabilities are described as ones that allow an attacker to compromise a wallet remotely, without physical access, malware installation, or social engineering.
Less severe bugs will also attract substantial rewards, ranging from $500 to $10,000, based on the level of risk they present. For instance, vulnerabilities categorized as "high risk" will earn hackers a $5,000 reward, while those deemed "critical risk" are valued at $10,000. The total fund allocated for the bug bounty program sums up to $1 million.
Konstantin Gladych, the founder of Atomic Wallet, expressed confidence in the bug bounty program, citing it as a crucial step towards enhancing the wallet's security. He acknowledged the dynamic nature of cybersecurity in the blockchain industry and emphasized leveraging global expertise to maintain a secure and seamless user experience. This proactive approach follows the June report by blockchain analytics platform Elliptic, which highlighted the theft of over $100 million in cryptocurrency from Atomic Wallet users.
In response to these security incidents, Atomic Wallet has acknowledged that a small fraction of its users, approximately 0.1%, were impacted by these attacks. The company attributes these incidents to possible causes like device viruses, infrastructure vulnerabilities, man-in-the-middle attacks, or malware code injection. Meanwhile, the lawsuit against Atomic Wallet proceeds, with victims seeking compensation for the losses incurred during the June attack. The developer, on their part, has attempted to dismiss a similar lawsuit in Colorado, claiming no significant connection to the United States.
