Atomic Wallet Announces Bug Bounty Program, $1 Million Up for Grabs

Julia Smith
Last updated: | 2 min read

Atomic Wallet has announced the launch of a public bug bounty program featuring a $1 million prize pool in the hopes of making the app “an even more secure experience for users.”

Up to $1 million on the table


According to a recent press release from the noncustodial wallet interface, the bug bounty program is open to “anyone with the skills and determination to help Atomic Wallet strengthen its security infrastructure.”

“Whether you’re an experienced cybersecurity professional or a passionate hobbyist, your contributions are welcome,” the press release continues.

Individual bounty rewards range from $500 for low-risk vulnerabilities to $100,000 “for discovering a vulnerability with the ability to attack/drain a wallet without physical access, installed malware, or social engineering, indicating an actual over-the-internet attack and a flaw in our code or dependencies.”

“Recent events in the blockchain industry have once again reminded us that cybersecurity is a dynamic field, and the best way to stay ahead is by harnessing the creativity and expertise of the global community,” noted Konstantin Gladych, Founder of Atomic Wallet. “We are confident and eager to see how this program will contribute to our mission of providing a secure and seamless user experience.”

A brewing legal battle


The launch of Atomic Wallet’s bug bounty program comes shortly after the company filed to dismiss a class-action lawsuit stemming from a June 2023 hack that saw an estimated $100 million drained from investor wallets.

The plaintiffs are claiming that the app knew of “existing security vulnerabilities” from “as early as 2022 but failed to take necessary security measures or precautions to protect user data and funds.”

Lazarus Group, a state-sponsored hacking collective from North Korea, is widely considered to be behind the breach. However, Boris Feldman, a lawyer for one of the plaintiffs listed in the lawsuit, believes a Ukrainian hacking group could be responsible.

Lawyers for Atomic Wallet have sought to dismiss the complaint, which was filed in the U.S., as the noncustodial wallet’s operations are based out of Estonia. Furthermore, Atomic Wallet is alleging that the organization is not responsible for any investor losses due to a provision agreed to by users in the terms of service that limits the company’s liability.

0.1% affected?


Atomic Wallet has largely maintained that less than 0.1% of users were affected, though that number has been openly debated online.

According to a statement released following the hack, Atomic Wallet has since updated its security infrastructure while the investigation remains ongoing.

Image source: Unsplash