Facebook is offering $10,000 to bug bounty hunters for finding bugs in Facebook’s Libra Cryptocurrency. Read on to learn more about it…
Recently, Facebook Inc. disclosed that bug bounty hunters can earn $10,000 for finding bugs in Facebook’s Libra Cryptocurrency. Bug-testing digital money is a crucial step when developing a blockchain-based product like Libra. Security bugs are difficult to fix once a cryptocurrency has hit public use, so rather than relying on security updates after launch, finding and squashing bugs early is all the more crucial.
The Libra Association is a pool of large enterprises and non-profits, including Visa, Spotify, Mastercard, Lyft, eBay, and Uber, which are responsible for processing the transactions of the crypto coin and blockchain. Despite the regulatory issues, Facebook is moving ahead with its Libra coin, which is expected to launch in 2020.
Bug Bounty Program
To help ensure Libra works correctly from day one, Facebook is offering up to $10,000 per bug, depending on its severity, to users who can find security bugs in Libra’s infrastructure. Payout options include both digital and real-world currencies, just in case you prefer dollar bills over the blockchain.
The bug bounty program for Libra is open to the public, and you can access it via its official hub page on HackerOne, which includes the program’s full details. You’ll need a HackerOne account in order to participate, and your reward is subject to the program’s copious terms. The details, outlined in a blog post, said the program is designed to “strengthen the security of the blockchain” before Libra’s projected launch sometime next year.
The program will be hosted on popular bug bounty platform HackerOne, and “enables developers to submit bugs and alert the association to security and privacy issues and vulnerabilities to help ensure a scalable, reliable, and secure launch.” As of July 2018, HackerOne’s network has some 200,000 members. It’s used by large companies, including Starbucks, Spotify, and the European Commission.
The discovery of even “the most subtle” bugs will be rewarded, and bounty hunters can get up to $10,000 for finding “critical” issues on the testnet. An example of a “critical” vulnerability would be a “Virtual Machine flaw that allows the execution of a Move smart contract to be altered.” Facebook has the final say about the threat level, and their decisions are non-appealable.
But there are rewards for smaller issues too. The discovery of “high” threat vulnerabilities pays out $5,000, “medium” threats pay out $1,500, and “low” threats pay out $500. Libra aims to pay out within 14 days of a threat being reported. To date, just one bounty has been paid out, to hacker Michael Xu: $1,500 for a “medium threat.”
The Road Ahead
The bug bounty program should help to keep hackers from breaching Libra when it goes live on Facebook’s WhatsApp and Messenger platforms next year. Before then, however, Facebook has to find a way of stopping regulators from derailing the project before it even begins. Unluckily for Facebook, these security ‘bugs’ are much harder to squash.