Election App Voatz Just Got Kicked Out of a Major Bug Bounty Program

Bug bounty platform HackerOne severed ties with Medici Ventures-backed Voatz, the blockchain-based mobile voting app, for breach of partnership standards.

Mar 30, 2020 at 9:20 p.m. UTC
Updated Aug 19, 2021 at 1:34 a.m. UTC



The removal cuts off Voatz’ access to HackerOne’s network of “ethical hackers” who trade their expertise in finding code faults for cash. HackerOne partners with corporations interested in shoring up potential security vulnerabilities. Across 1,800 total relationships and eight years, though, it's never before kicked a partner out, said representative Samantha Spielman.

The news was first reported Monday by CyberScoop.

Spielman said Voatz’ breach of “partnership standards” made the relationship unviable, despite the program’s past bug-hunting successes.

“As a platform, we work tirelessly to foster that mutually beneficial relationship between security teams and the researcher community,” she said. Spielman declined to elaborate on Voatz’ standards breach.

Voatz told CoinDesk in a statement it regrets the relationship’s “temporary pause.” It said that HackerOne had caved to a “small group of researchers who, along with a few other members of the community, believe Voatz reported a researcher to the FBI.”

“This falsehood and misinformation has been a source of animosity toward Voatz and our partners, who face consistent attacks from these researchers,” the statement said.

West Virginia Secretary of State Mac Warner said in October 2019 the Federal Bureau of Investigation was investigating an attempted breach of the app during a pilot program in 2018. West Virginia has used the app in multiple pilots, and Warner maintains that no votes have been altered to date.

Rocky year

Voatz came under the spotlight in mid-February when a group of MIT researchers released a scathing write-up highlighting myriad apparent security flaws in the app. They alleged Voatz was essentially bunk, criticized its transparency and called on election officials considering the app to maybe think twice.

Voatz responded with its own criticism. In a sarcasm-laced Feb. 13 press release, it called the researchers’ report unfair and their “bad faith recommendations” irreparably flawed.

However, earlier this month Trail of Bits published a report supporting the MIT researchers' claims. Voatz had commissioned Trail of Bits to analyze its platform.

Voatz began working with HackerOne in August 2018 and has paid out over $6,000 to researchers through “HackerOne and other avenues” since. It plans to announce its own bounty program “in the coming days.”

West Virginia has dropped its partnership with the company.
