Metamask, one of the most popular wallets for Ethereum, announced its HackerOne rewards programme. Users who participate can win prizes ranging from USD 1,000 to USD 50,000, depending on the importance of the problem they have detected.
According to the developer company in a statement, the main objective of the initiative is to find potential vulnerabilities in the wallet and “make progress in the face of web3 threats”. To this end, it is partnering in this programme with HackerOne, a company dedicated to the management of resistance to “ARM” attacks. This firm collaborates with “ethical hackers” by providing them with tools and knowledge to find potential security breaches together.
The total amount of rewards to be awarded to those who detect vulnerabilities will depend on the relevance of the vulnerabilities. There will be rewards of USD 1,000, 2,000, 15,000 and 50,000 for those who find low, medium, high or critical priority flaws, respectively.
How can you participate in the Metamask reward programme? If you think you can provide information about a vulnerability in the wallet, you can participate in this programme by creating an account on HackerOne and submitting a report through this platform.
Among the requirements for submitting reports, Metamask states that you must attach details of the steps taken to detect the problem or, failing that, a proof of concept of what was detected. In addition, it is stressed that it is a private programme and that findings should not be shared publicly until the team responsible has addressed and evaluated them.
Metamask has had other initiatives related to security.
This rewards programme is complemented by another Metamask initiative. At the end of May, it had partnered with Asset Reality to provide support to users who were victims of scams and lost their cryptoassets as a result.
In early June, the wallet had already received a red flag from an IT security team that detected and reported a threat. Metamask gave the organisation USD 120,000 in recognition of the tip, which warned of a potential vulnerability that could lead to the theft of users’ cryptocurrencies.