The darknet marketplace Hansa announced last week the launch of a bug bounty program with rewards of up to 10 bitcoins, currently worth more than $10,000.
Hansa allows users to buy and sell various types of items, including drugs, fraud-related services, jewelry, counterfeit products, electronics, and IT services. The marketplace is designed to minimize the risk of scams operated by vendors and Hansa administrators, and claims to guarantee that users will not lose their funds in case of a hack or law enforcement operation.
In an effort to minimize the chances of the website getting hacked, Hansa’s owners have decided to launch a bug bounty program. The highest rewards, up to 10 bitcoins, will be paid out for vulnerabilities that could “severely disrupt Hansa’s integrity,” such as flaws that expose IP addresses or user information.
Hansa has promised 1 bitcoin, worth roughly $1,000, for bugs and vulnerabilities that are not critical. Users can also earn 0.05 bitcoins ($50) for reporting simple display bugs or unintended behavior.
“To be eligible, you must demonstrate a security compromise on our market using a reproducible exploit. Should you encounter a bug please open a ticket and inform us about your findings,” Hansa administrators wrote in a Reddit post announcing the bug bounty program.
Users who submit vulnerability or bug reports must not make their findings public before the issue has been fixed, and they must refrain from conducting any tests that could have a negative impact on the website or its users. Hansa has advised users to provide detailed proof-of-concepts (PoCs) to increase their chances of receiving a reward.
Hansa has promised to respond to vulnerability and bug reports as quickly as it can, and provide updates while it works to address the problem.
In the Reddit post announcing the launch of the bug bounty program, two users said they had already submitted reports describing vulnerabilities that could have serious consequences if exploited.
Last month, someone reported finding a vulnerability that exposed the private messages exchanged by users of the popular darknet marketplace AlphaBay. The individual who discovered the security hole claimed to have created a bot that collected more than 200,000 private messages.
The same individual also said he had identified a flaw in the Hansa marketplace, which allegedly allowed him to obtain 240,000 Hansa usernames.