Facebook's Libra Project Launches Bug Bounty With $10,000 Max Reward

The Libra Association will pay up to $10,000 to independent security researchers who find bugs in the Libra blockchain.

Aug 27, 2019 at 1:02 p.m. UTC
Updated Sep 13, 2021 at 11:23 a.m. UTC

Facebook is gunning to get more external contributions to the cryptocurrency project Libra, starting with a bug bounty program that pays security researchers up to $10,000 in rewards.

The Libra Association, a nonprofit backed by a coalition of companies like Visa and PayPal that are interested in supporting Facebook’s new blockchain ecosystem, previously announced plans for the bounty program that went live Tuesday.

“There’s a variable amount of rewards based on bugs,” Diogo Monica, Anchorage cofounder and Libra Association member, told CoinDesk. “This is great for the [Libra] community, this is consistent with the values of the [infosec] community in general.”

This bug bounty program attracted unanimous praise from association members, an important political step even beyond technical benefits. The Financial Times reported earlier this month that two of these firms might pull out entirely due to regulatory concerns. For example, U.S. Rep. Maxine Waters (D-Calif.), who heads the House Financial Services Committee, released a statement on Sunday repeating her concerns about “allowing a large tech company to create a privately controlled, alternative global currency.”

Within that context, fostering volunteer contributions to open-source aspects of the project may be more important than ever. As such, the Libra Association is expanding the beta program with 50 external researchers to welcome any member of the public to report vulnerabilities in the code, through a partnership with the HackerOne bug bounty platform.

“We hope that developers will bring a diversity of perspectives and expertise to this initiative while holding the Libra Blockchain to the highest security standard,” Aanchal Gupta, security director at Facebook subsidiary Calibra, said in a statement.

Such bounty programs are the norm in cybersecurity circles, offering significant value to the project with regard to both insights and public trust. Plus, Libra Association communications lead Dante Disparte added that the Libra testnet is still under development. As such, vulnerabilities found now could significantly impact the final version.

“Some of the initiatives that Libra Association is doing is very forward-thinking,” Jesse Spiro, head of policy at the blockchain analytics firm Chainalysis, told CoinDesk. “Having problems that are already beginning to be identified, by being very proactive and strategic, is a good thing.”

Overall, there are already developers experimenting with the Libra testnet, including dozens of teams that applied to the Libracamp program based in Israel, which isn’t officially affiliated with Facebook.

With regard to getting regulatory sign-off, Disparte said in a statement:

“We will not launch the Libra Blockchain until regulatory concerns have been taken into account and required regulatory approvals have been received.”




