Rewards of up to $10,000 on offer for vulnerabilities discovered in open source library

Developers at imToken, a popular cryptocurrency wallet, have launched a new bug bounty program covering the TokenCoreX library that underpins the application.

Written in Rust, TokenCoreX is a cross-platform library that implements crypto-wallet functions and can support both iOS and Android.

The library was recently open-sourced, and the imToken development team are now asking researchers to test the platform for security vulnerabilities.

Core assets

The independent bug bounty program promises rewards of up to $10,000 (paid in Tether cryptocurrency) for the discovery of critical security flaws, such as those that could result in an attacker stealing crypto-assets.

Defects in the implementation of the core encryption algorithm, along with vulnerabilities in chain-related logic code or the wallet application layer, are also in scope.

“We want to show how we securely store users’ private data and make users’ transactions more secure,” Blue Yang, imToken’s chief security officer, told The Daily Swig.

Established in 2016, imToken is a digital asset management tool that now claims to be installed on more than 9.5 million devices.

Check out the imToken blog for full details of the new TokenCoreX bug bounty. The library’s source code is accessible via GitHub.


READ MORE Meet the bug bounty platform putting community into crowdsourced security