As promised, the Libra Association has launched a bug bounty program for its cryptocurrency, offering up to $10,000 in rewards to participants who find critical flaws in the Libra testnet code. This development comes despite the G7 and U.S. Congress raising concerns about the risk of Libra being transformed into a sovereign currency that could be exploited for money laundering and other criminal activity.
Facebook announced the Libra cryptocurrency and Calibra digital wallet in June. A growing list of major corporations and nonprofits, including Visa, Mastercard, Spotify, Lyft, Uber, and eBay, together make up the Libra Association, which is responsible for processing the network’s transactions and maintaining the blockchain underlying the currency. The coin is expected to launch in 2020, by which time the project hopes to include around 100 members.
“We are launching this bug bounty now, well before the Libra Blockchain is live,” Dante Disparte, the Libra Association’s head of policy and communications, said in a statement. “Our hope is that people around the world can turn to Libra for their everyday financial needs, so the infrastructure must be dependable and safe. It’s important to note that the Libra Blockchain remains in testnet, which is an early-stage version of the code that is far from final. We remain committed to taking the time to get this right, and we will not launch the Libra Blockchain until regulatory concerns have been taken into account and required regulatory approvals have been received.”
The Libra Association kicked off its bug bounty efforts privately with a beta bug bounty program when Libra was first announced. At the time, the group invited 50 security researchers with blockchain expertise to participate. Now the program is open to the public “to further accelerate and expand this feedback loop.”
To host the bug bounty program, Facebook selected HackerOne, a vulnerability identification platform that helps connect security-conscious businesses with bug hunters. HackerOne is used by the U.S. Department of Defense, General Motors, Goldman Sachs, Twitter, Marriott, Nintendo, Lufthansa, Qualcomm, Starbucks, and Dropbox, among others. Security researchers interested in participating in the program can register on the HackerOne platform.