HackerOne and Crypto.com announce largest bug bounty ever.
With 100 million users in 90 countries, Singapore-based Crypto.com is one of the largest crypto trading platforms in the world. As you can imagine, trust is a central pillar that underpins everything the organization does, and the foundations of that trust lie in security and privacy. This security-first philosophy is driven home by the promise that security and privacy are built into the business by design and by default. “We apply a zero-trust and defense-in-depth security strategy across all of our systems and platforms,” says Crypto.com. “To continually strengthen our security posture, we invest heavily in ongoing training for security and privacy awareness for all staff.” And now it’s investing heavily in hackers, for a record $2 million. Here’s what you need to know.
Crypto.com ups the ante by investing in hackers to detect security issues before they can be exploited by cybercriminals
Crypto.com is not new to the world of bug bounty platforms; after all, it has been on the HackerOne platform since May 2018. During that time, it has paid a total of $539,130 in bounties to hackers, with the highest bounty range, according to HackerOne’s own statistics, falling between $3,759 and $40,000. All this could change, and how.
This existing bug bounty program is being updated to increase the maximum amount payable to hackers who successfully find certain types of security vulnerabilities. It now stands at $2 million. In case you need some idea of the importance of this milestone, this is the largest bug bounty HackerOne has ever offered since its founding in 2012.
“Security and compliance are the foundation of everything we do at Crypto.com,” said Kris Marszalek, CEO of Crypto.com. “As our business and the industry continue to grow, it is extremely important that we stay focused on our core business principles, and this new bonus program does that by setting a new bar.” Setting a new bar is an understatement, in my opinion. This new bounty cap sets a challenge for other organizations. I wonder to what extent they really take security seriously, beyond buzzwords and marketing.
Raising the standard for how organizations should interact with and reward hackers
If you’re not familiar with hacking, finding out that HackerOne has a Hacking Manager might be a surprise, but here we are. This position is held by Chris Evans, who also holds the more commonly held title of information security officer. “The best programs on our platform not only follow our best practices,” Evans said, “but continually improve how all organizations should interact with and reward ethical hackers.”
Crypto.com has some experience with security assurance, being the first “virtual asset platform” to achieve multiple security certifications across all platforms. But Jason Lau, chief information security officer, said: “While we have spent significant effort achieving high-level security certifications, maintaining security assurance requires focus and continuous improvement.”
This is why Crypto.com is a respectful partner of the hacker community, which it considers an extension of its internal security team, through the HackerOne platform. “Deepening our relationship with HackerOne through this milestone,” concluded Lau, “and establishing this historic premium underscores our commitment to improving safeguards and consumer protection.”
Go Get ‘Em, Hackers: How to Win That $2 Million Bounty on Crypto.com
So the question remains: do hackers have what it takes to claim this $2 million bounty? According to the rules of engagement for this extreme bounty range, the $2 million reward is for platform vulnerabilities that “could result in a significant loss of funds or data breach.” What Crypto.com does not do, however, is describe precisely the criteria that must be met because, according to it, these are extreme cases. Generally speaking, however, hackers could expect to receive the big payday, in a combination of traditional fiat funds and cryptocurrencies, for discovering vulnerabilities that “could result in a rapid and immediate loss of more million dollars in funds” for Crypto.com or its users, or which could dump customer information en masse. Go get them, hackers.