This year marked a significant milestone for Tangem as we launched a private Bug Bounty program. The initiative has yielded valuable results, helping us bolster our wallet’s security and keep our record spotless.
Looking ahead to 2025, we’re planning a public bug bounty program. It will debut alongside the rollout of Tangem’s new infrastructure and advanced features. This is an open invitation to security experts and developers to contribute to making Tangem even more secure.
What is a bug bounty program?
A bug bounty program rewards people who identify and responsibly disclose any security vulnerabilities discovered. These programs incentivize ethical hacking and foster a collaborative approach to improving security in any system.
Why are bug bounties important?
As blockchain and cryptocurrency adoption grows, the stakes become higher due to:
- The immutable nature of blockchain means that once a smart contract is deployed, vulnerabilities cannot be easily fixed without disrupting operations.
- Complex integrations between networks increased the likelihood of vulnerabilities, especially in the case of blockchain bridges.
- People store substantial amounts in crypto wallets, particularly cold wallets. Implementing a bug bounty program can enhance a wallet's overall security, as developers might accidentally overlook certain vulnerabilities in newly deployed code.
Web3 bug bounty programs have since become a cornerstone of blockchain security, fostering collaboration between users, developers, and ethical hackers to improve trust in the industry.
When did bug bounty programs appear in Web3?
Bug bounty programs date back to 1983, when Hunter & Ready, a software company, offered rewards to users who identified bugs in their operating system, VRTX.
In Web3, the Ethereum Foundation initiated one of the first bounty programs to secure the Ethereum blockchain and its growing ecosystem. Companies developing early dApps, like Augur and MakerDAO, also introduced bounty programs to identify vulnerabilities in their smart contracts.
What will Tangem’s public bug bounty look like?
Tangem’s Bug Bounty program will be structured to align with industry best practices, focusing on transparency, collaboration, and impactful rewards. Here’s what to expect:
- Public launch in 2025
The program will be open to everyone, inviting the global community of security researchers to participate. - Reward structure
Participants will earn rewards based on the severity and impact of the reported vulnerabilities. - Focus areas
The program will target Tangem's mobile app code vulnerabilities, API integrations, and other systems. - Easy reporting
Participants will use a dedicated reporting system to make submissions straightforward and ensure confidentiality. Meanwhile, immediate reports can already be sent to bugbounty@tangem.com
At Tangem, we believe in the power of transparency. Our mobile app's code is open-source, meaning that developers and researchers worldwide can contribute to making the crypto ecosystem safer and more inclusive. Let's work together to create a crypto world that is secure, innovative, and accessible to everyone.