Facebook's Libra Project Launches Bug Bounty With $10,000 Max Reward

The Libra Association will pay up to $10,000 to independent security researchers who find bugs in the Libra blockchain.

AccessTimeIconAug 27, 2019 at 1:02 p.m. UTC
Updated May 15, 2023 at 2:16 p.m. UTC

Presented By Icon

Election 2024 coverage presented by

Stand with crypto

Facebook is gunning to get more external contributions to the cryptocurrency project Libra, starting with a bug bounty program that pays security researchers up to $10,000 in rewards.

The Libra Association, a nonprofit backed by a coalition of companies like Visa and PayPal that are interested in supporting Facebook’s new blockchain ecosystem, previously announced plans for the bounty program that went live Tuesday.

“There’s a variable amount of rewards based on bugs,” Diogo Monica, Anchorage cofounder and Libra Association member, told CoinDesk. “This is great for the [Libra] community, this is consistent with the values of the [infosec] community in general.”

This bug bounty program attracted unanimous praise from association members, an important political step even beyond technical benefits. The Financial Times reported earlier this month that two of these firms might pull out entirely due to regulatory concerns. For example, U.S. Rep. Maxine Waters (D-Calif.), who heads the House Financial Services Committee, released a statement on Sunday repeating her concerns about “allowing a large tech company to create a privately controlled, alternative global currency.”

Within that context, fostering volunteer contributions to open-source aspects of the project may be more important than ever. As such, the Libra Association is expanding the beta program with 50 external researchers to welcome any member of the public to report vulnerabilities in the code, through a partnership with the HackerOne bug bounty platform.

“We hope that developers will bring a diversity of perspectives and expertise to this initiative while holding the Libra Blockchain to the highest security standard,” Aanchal Gupta, security director at Facebook subsidiary Calibra, said in a statement.

Such bounty programs are the norm in cybersecurity circles, offering significant value to the project with regards to both insights and public trust. Plus, Libra Association communications lead Dante Disparte added that the Libra testnet is still under development. As such, vulnerabilities found now could significantly impact the final version.

“Some of the initiatives that Libra Association is doing is very forward-thinking,” Jesse Spiro, head of policy at the blockchain analytics firm Chainalysis, told CoinDesk. “Having problems that are already beginning to be identified, by being very proactive and strategic, is a good thing.”

Overall, there are already developers experimenting with the Libra testnet, including dozens of teams that applied to the Libracamp program based in Israel, which isn’t officially affiliated with Facebook.

With regards to getting regulatory sign-off, Disparte said in a statement:

“We will not launch the Libra Blockchain until regulatory concerns have been taken into account and required regulatory approvals have been received.”

Facebook image via Shutterstock

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information have been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. CoinDesk has adopted a set of principles aimed at ensuring the integrity, editorial independence and freedom from bias of its publications. CoinDesk is part of the Bullish group, which owns and invests in digital asset businesses and digital assets. CoinDesk employees, including journalists, may receive Bullish group equity-based compensation. Bullish was incubated by technology investor Block.one.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.