Facebook's Libra Project Launches Bug Bounty With $10,000 Max Reward

The Libra Association will pay up to $10,000 to independent security researchers who find bugs in the Libra blockchain.

Aug 27, 2019 at 1:02 p.m. UTC
Updated May 9, 2023 at 3:03 a.m. UTC

Facebook is gunning to get more external contributions to the cryptocurrency project Libra, starting with a bug bounty program that pays security researchers up to $10,000 in rewards.

The Libra Association, a nonprofit backed by a coalition of companies like Visa and PayPal that are interested in supporting Facebook’s new blockchain ecosystem, previously announced plans for the bounty program that went live Tuesday.

    “There’s a variable amount of rewards based on bugs,” Diogo Monica, Anchorage cofounder and Libra Association member, told CoinDesk. “This is great for the [Libra] community, this is consistent with the values of the [infosec] community in general.”

    This bug bounty program attracted unanimous praise from association members, an important political step even beyond technical benefits. The Financial Times reported earlier this month that two of these firms might pull out entirely due to regulatory concerns. For example, U.S. Rep. Maxine Waters (D-Calif.), who heads the House Financial Services Committee, released a statement on Sunday repeating her concerns about “allowing a large tech company to create a privately controlled, alternative global currency.”

    Within that context, fostering volunteer contributions to open-source aspects of the project may be more important than ever. As such, the Libra Association is expanding the beta program with 50 external researchers to welcome any member of the public to report vulnerabilities in the code, through a partnership with the HackerOne bug bounty platform.

    “We hope that developers will bring a diversity of perspectives and expertise to this initiative while holding the Libra Blockchain to the highest security standard,” Aanchal Gupta, security director at Facebook subsidiary Calibra, said in a statement.

    Such bounty programs are the norm in cybersecurity circles, offering significant value to the project with regard to both insights and public trust. Plus, Libra Association communications lead Dante Disparte added that the Libra testnet is still under development. As such, vulnerabilities found now could significantly impact the final version.

    “Some of the initiatives that Libra Association is doing is very forward-thinking,” Jesse Spiro, head of policy at the blockchain analytics firm Chainalysis, told CoinDesk. “Having problems that are already beginning to be identified, by being very proactive and strategic, is a good thing.”

    Overall, there are already developers experimenting with the Libra testnet, including dozens of teams that applied to the Libracamp program based in Israel, which isn’t officially affiliated with Facebook.

    With regard to getting regulatory sign-off, Disparte said in a statement:

    “We will not launch the Libra Blockchain until regulatory concerns have been taken into account and required regulatory approvals have been received.”
