Hardware Wallet Bounty Program

Unlock Innovation. Strengthen Security. Earn Rewards.

We’re committed to ensuring the highest level of security in cryptocurrency storage. To achieve this, we’re offering cash bounties to individuals who can demonstrate provable exploits on leading hardware wallets. Your discoveries will help us enhance wallet security and protect digital assets worldwide.

Participants must comply with ethical hacking standards.

Active Bounty Opportunities

1. Trezor One

  • Bounty Reward: $10,000

  • Challenge: Identify a new chip-off exploit that compromises the device’s private key or seed recovery process. Firmware 1.12.1

2. Trezor One

  • Bounty Reward: $25,000

  • Challenge: Identify a new non chip-off exploit that compromises the device’s private key or seed recovery process. Firmware 1.12.1

3. Trezor Model T

  • Bounty Reward: $40,000

  • Challenge: Identify a new exploit that compromises the device’s private key or seed recovery process. The exploit cannot use electro magnetic fault injection. Firmware 2.0.1+

4. Trezor Safe 3/5

  • Bounty Reward: $100,000

  • Challenge: Identify a new exploit that compromises the device’s private key or seed recovery process. Safe 3 Firmware 2.1.0+, Safe 5 firmware 2.1.5+

5. Ledger Nano S

  • Bounty Reward: $250,000

  • Challenge: Identify a method to extract private keys and bypass Ledger's Secure Element protections.

Program Guidelines

  • Eligibility: Open to individuals and teams globally.

  • Submission Requirements:

    • Detailed description of the exploit.

    • Reproducible steps to verify the vulnerability.

    • Video or documentation demonstrating the exploit.

  • Review Process: Submissions will be evaluated by our security team for validity and impact.

  • Reward Payment: Bounties will be paid upon validation of the exploit and signing of a responsible disclosure agreement.

  • Method of Payment: BTC straight to a wallet of your choosing. A hardware wallet will not be used in any part of the transaction ;)

Why Join the Bounty Program?

  1. Be a trailblazer: Your work will shape the future of cryptocurrency security.

  2. Earn recognition: Join a global community of ethical hackers and security professionals.

  3. Contribute to Safety: Help protect millions of crypto users worldwide.

Can I test live wallets for vulnerabilities?
No. Testing should only be done on your devices in a controlled environment.

Will Praefortis claim ownership of my findings?
Yes, once the exploit has been verified and you have been paid, Praefortis retains the right to the exploit under the disclosure agreement.

How is my privacy protected?
All submissions are handled confidentially and securely.

Get in touch when you’re ready to show us what you got.