Offline cold storage cryptocurrency wallet service provider GK8 is offering a bug bounty of up to $250,000 to the first person who can hack its product.
GK8 — which presents its solution as a “hack-proof digital vault” that needs no direct or indirect connection to the internet — will place 14 Bitcoin (BTC) (over $125,000 at press time) in its wallet. Anyone who succeeds in breaking into the wallet will pocket its proceeds, plus an additional $125,000 prize.
The bounty program will run from Feb. 3 (9:00 a.m EST) through February 4, 2020 (9:00 AM EST).
Mitigating state-sponsored attacks and APT threats
Israel-based GK8 claims its high-security custody solution for digital asset storage will allow banks and other institutions to fully access and manage their crypto holdings and related information without needing to connect to the net.
The firm’s site claims the product has been designed so as “to minimize the wallet’s attack surface and block attackers' influence on security-critical components.”
Among the list of risks it aims to mitigate, GK8 has pointed to state-sponsored attacks and stealth APT (advanced persistent threat) cyber threats.
Zcash (ZEC) founding scientist and cryptography researcher Professor Eran Tromer has endorsed the project, contending that the cold wallet solution developed by GK8 will set a new standard for high security cryptocurrency custody offerings. He explained the way in which the firm has designed the wallet with a minimized attack surface, noting that it works by:
“Having only outbound unidirectional communication and then building the rest of the cryptographic protocols around it using multi-party computation, validation protocols, the transmission of policies to the environment, all while preventing the injection of malicious inputs from the internet back into the cold wallet.”
In an industry that must always keep one step ahead of potential threat vectors, bug bounty programs serve as a useful “stress test” for cryptocurrency firms to probe the security of their solutions.
Earlier, in October, MakerDAO had been prompted to fix a critical bug that could have resulted in a complete loss of funds for all platform users. HackerOne user lucash-dev had disclosed a report revealing a critical bug in MakerDAO’s planned upgrade, and was rewarded for the effort with a $50,000 bounty.