BitsLab launches its first public welfare "Web3 Crowdsourcing Program"

4 hours ago

Join the "Web3 Bug Bounty Program" now, and work hand in hand with top white hats from around the world to safeguard the secure future of the Web3 ecosystem!

Recently, the security of the Web3 ecosystem has been facing unprecedented challenges. People often focus on smart contract audits while overlooking another significant risk: infrastructure vulnerabilities that are off-chain and not at the contract level. Bybit's loss of nearly $1.46 billion made this clear: it was not the smart contract that was breached, but the developer's infrastructure that was compromised. This serves as a warning to the entire Web3 field: only by strengthening penetration testing on non-contract components can we truly build a more robust security barrier.

To help more Web3 projects guard against non-contract layer security threats, BitsLab has officially launched the "Web3 Bug Bounty Program" in collaboration with top white hat hackers and CTF team members, recruiting Web3 projects and proactively conducting penetration tests for high-impact Web3 projects to help them build stronger security defenses.

We will conduct penetration testing on a pro bono basis. This includes discovering vulnerabilities responsibly, committing not to damage systems or harm user rights; providing effective remediation suggestions and organizing experts to retest fixed vulnerabilities to ensure they are completely resolved; and disclosing vulnerabilities responsibly, sharing potential security risks and threats with all Web3 project parties without revealing vulnerability details.

Interested projects, please fill out the form to complete the application👇

https://docs.google.com/forms/d/e/1FAIpQLSehCT6BiZ97lRSVnTNjB263eTCGy-T5fV40JfvgTjHuPtj-LQ/viewform?usp=sharing

Why is penetration testing indispensable?

It is well known that smart contract audits are just the "tip of the iceberg" in Web3 security, while a broader attack surface often exists in the weak links of traditional web and infrastructure. Once a vulnerability is exploited, the losses can be devastating. The significant value of penetration testing lies in simulating real attack methods to identify potential issues in advance. Preventing problems before they occur is more critical than remedying them afterward.

BitsLab proudly launches: Web3 Bug Bounty Program

To help more Web3 projects resist non-contract layer attacks, BitsLab has partnered with numerous top white hat hackers and CTF team members to launch the "Web3 Bug Bounty Program."

Web3 Bug Bounty Program Official Website:

https://forks.bitslab.xyz/web3-securing-plan

This program will focus on penetration testing in the "off-chain, non-contract" domain, conducting comprehensive security checks on APIs and infrastructure of various exchanges, wallets, GameFi, and SocialFi platforms to fully protect the healthy development of the Web3 ecosystem.

Who do we protect?

🛡️ Various exchanges (Exchange)

🛡️ Various wallet applications (Wallet)

🛡️ Emerging Web3 applications like GameFi and SocialFi

🛡️ Any project exposing APIs and infrastructure

How do we do it?

🔐 Non-contract layer penetration testing: Discover vulnerabilities from a hacker's perspective

🔐 Strengthen overall security: Comprehensive control from network, system to application layer

🔐 Assist project upgrades: Identify issues while helping projects reinforce security

Action Plan — Two Major Processes

BitsLab's "Web3 Bug Bounty Program" includes two main implementation paths, providing diverse participation options for different projects:

1) Open Recruitment Process

  • Application: Project parties can submit applications through our platform.

  • Screening: BitsLab's professional team evaluates and selects high-value, high-potential projects for testing.

  • Testing: Conduct in-depth penetration testing on off-chain, non-contract components.

  • Reporting and Collaboration: Timely feedback on testing results to help projects fix and improve.

  • Disclosure: Publicly disclose relevant vulnerabilities (if necessary) upon mutual agreement.

Interested projects, please fill out the form to complete the application👇

https://docs.google.com/forms/d/e/1FAIpQLSehCT6BiZ97lRSVnTNjB263eTCGy-T5fV40JfvgTjHuPtj-LQ/viewform?usp=sharing

2) Proactive Discovery Process

  • Target Selection: Focus on testing projects that have a significant impact on the industry and a wide audience.

  • Testing and Notification: Complete penetration testing within three weeks and inform the project party of the results.

  • Assistance in Remediation: Provide support to help projects fix vulnerabilities.

  • Public Disclosure: If the project party does not take action within three weeks, we will publicly disclose some vulnerabilities to protect the entire ecosystem.

The Strongest Team — Top White Hats & Industry Authorities Worldwide

This event is led by BitsLab in collaboration with 20-30 top white hat hackers and many CTF champion team members. They not only have world-class competition records but also possess rich practical experience in penetration testing.

We have gathered many top white hats from vulnerability bounty platforms such as HackerOne, Immunefi, Baidu SRC, Alibaba SRC, and Tencent SRC. They are active on the top lists of these platforms and have submitted hundreds of high-risk vulnerabilities to top global internet companies like Google, Alibaba, Tencent, Alipay, and Baidu, and to top exchanges like Binance, OKX, and Bitget.

Bounty Collaboration: Multi-party collaboration to protect the Web3 ecosystem with the world's top hackers.

Efficient Connection: BitsLab provides one-stop management and communication, saving time and costs for project parties.

If you want to join our white hat hackers, please click the link to complete the application👇

https://docs.google.com/forms/d/e/1FAIpQLSf5hy1kuSknT6L4dcFqx3aAyKYOabm13HTzzTPbFq-nGoFnLQ/viewform?usp=sharing

Proven Strength, Trustworthy

Rich Experience: We have supported over 400 security solutions, audited more than 40 million lines of code, and safeguarded assets totaling over $8 billion.

Typical Cases: In mainstream projects like Sui, TON, Aptos, Move, and Uniswap, we have successfully discovered and fixed critical vulnerabilities. In penetration testing, we submitted a user information leakage vulnerability for a top exchange, preventing the leakage of nearly 100,000 users' private information; we submitted an account takeover vulnerability for an important system of a large foreign tech company, successfully protecting a large amount of confidential information; we submitted a remote code execution vulnerability for an important system of a large domestic tech company, successfully preventing external hackers from invading the company's internal network, avoiding significant property losses; we assisted a large automotive company in investigating a waterhole attack incident against its internal employees, successfully reproducing the hacker's waterhole attack method, preventing data leakage of internal employees and property losses for the company.

Deep Web3 Expertise: Focused on auditing emerging ecosystems, covering but not limited to popular fields such as Sui, Aptos, TON, Linea, BNB Chain, Soneium, Starknet, Movement, Monad, Internet Computer, Kaia, and Solana.

Industry Recognition: BitsLab's TonBit has been officially recognized by the TON blockchain as a major security assurance provider (SAP). Core teams from Aptos, Sui, Movement, and others have also recognized and praised our security work through official channels.

Security is never just about smart contract audits; the future of Web3 requires broader protection! BitsLab is committed to providing comprehensive security assurance at the "non-contract level" for more exchanges, wallets, GameFi, SocialFi, and all projects exposing APIs and infrastructure. We welcome all project parties to actively sign up and participate, together building a strong defense to safeguard the Web3 world! BitsLab reserves the right of final interpretation of this penetration testing program.

Join the "Web3 Bug Bounty Program" now, and work hand in hand with top white hats from around the world to safeguard the secure future of the Web3 ecosystem!

About FORKS

FORKS is a decentralized white hat community focused on Web3 security, dedicated to gathering top vulnerability researchers worldwide to protect the blockchain ecosystem with technology. It is strategically supported by BitsLab, focusing on cutting-edge fields such as smart contracts and virtual machines, promoting the transition of traditional security talent to Web3.

About BitsLab

BitsLab is a security organization dedicated to safeguarding and building the emerging Web3 ecosystem, with a vision to become a respected Web3 security agency in the industry and among users. It has three sub-brands: MoveBit, ScaleBit, and TonBit.

BitsLab focuses on the development and security auditing of infrastructure in emerging ecosystems, covering but not limited to Sui, Aptos, TON, Linea, BNB Chain, Soneium, Starknet, Movement, Monad, Internet Computer, and Solana. At the same time, BitsLab has demonstrated profound expertise in auditing various programming languages, including Circom, Halo2, Move, Cairo, Tact, FunC, Vyper, and Solidity.

The BitsLab team consists of several top vulnerability research experts who have won international CTF awards multiple times and discovered critical vulnerabilities in well-known projects such as TON, Aptos, Sui, Nervos, OKX, and Cosmos.

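Disclaimer: This article represents only the author's personal views and does not represent the position or views of this platform. This article is for information sharing only and does not constitute investment advice to anyone. Any dispute between users and the author is unrelated to this platform. If an article or image published on this page involves infringement, please send the relevant proof of rights and proof of identity by email to support@aicoin.com, and the platform's staff will verify it.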
