
BitsLab launches its first public welfare "Web3 Bug Bounty Program"
Join the "Web3 Bug Bounty Program" now, team up with top global white-hat hackers, and work together to secure the future of the Web3 ecosystem!
The security of the Web3 ecosystem has recently faced unprecedented challenges. While attention is often focused on smart contract audits, another major risk is frequently overlooked: vulnerabilities in off-chain, non-contract infrastructure. In Bybit's recent loss of nearly $1.46 billion, the root cause was not a compromised smart contract but a breached developer infrastructure. This serves as a warning to the entire Web3 space: only by strengthening penetration testing of non-contract components can we truly build stronger security defenses.
To help more Web3 projects defend against non-contract security threats, BitsLab has partnered with global elite white-hat hackers and CTF team members to officially launch the "Web3 Bug Bounty Program," inviting Web3 projects to apply and proactively conducting penetration tests on high-impact Web3 projects to help establish more robust security safeguards.
We will conduct penetration testing on a public welfare basis, including: responsibly discovering vulnerabilities without damaging systems or harming user rights; providing effective remediation recommendations; organizing experts to retest fixed vulnerabilities to ensure full resolution; and responsibly disclosing vulnerabilities by sharing potential risks and threats across the Web3 ecosystem without revealing sensitive details.
Interested projects, please fill out the application form below 👇

Why Penetration Testing Is Indispensable
It's widely known that smart contract audits represent only the "tip of the iceberg" in Web3 security. Far broader attack surfaces often exist within traditional web applications and infrastructure weaknesses. Exploitation of such vulnerabilities can lead to catastrophic losses. The critical value of penetration testing lies in simulating real-world attacks to identify potential issues early. Prevention is far more crucial than post-incident remediation.
BitsLab Launches: Web3 Bug Bounty Program
To help more Web3 projects resist non-contract-level attacks, BitsLab joins forces with numerous global top-tier white-hat hackers and CTF team members to unveil the "Web3 Bug Bounty Program".
Web3 Bug Bounty Program Official Website:
https://forks.bitslab.xyz/web3-securing-plan
This initiative will focus on penetration testing in "off-chain, non-contract" domains, conducting comprehensive security assessments on APIs and infrastructures of exchanges, wallets, GameFi, SocialFi platforms, and fully safeguarding the healthy development of the Web3 ecosystem.
Who do we protect?
🛡️ Various exchanges (Exchange)
🛡️ Various wallet applications (Wallet)
🛡️ Emerging Web3 applications such as GameFi and SocialFi
🛡️ Any project exposing APIs and infrastructure
How do we do it?
🔐 Non-contract Penetration Testing: Discovering vulnerabilities from a hacker’s perspective
🔐 Strengthen Overall Security: Full-spectrum control from network, system, to application layers
🔐 Assist Project Enhancement: Helping project teams strengthen security while identifying issues
Action Plan — Two Key Processes
BitsLab's "Web3 Bug Bounty Program" includes two main implementation pathways, offering diverse participation options for different projects:
1) Open Recruitment Process
- Application: Projects can submit applications via our platform.
- Screening: Selected by BitsLab’s professional team based on value and potential.
- Testing: Deep penetration testing on off-chain, non-contract components.
- Reporting & Collaboration: Timely feedback of test results to help projects fix and improve.
- Disclosure: Public disclosure of related vulnerabilities upon mutual agreement (if needed).
Interested projects, please fill out the application form below👇
https://docs.google.com/forms/d/e/1FAIpQLSehCT6BiZ97lRSVnTNjB263eTCGy-T5fV40JfvgTjHuPtj-LQ/viewform?usp=sharing
2) Proactive Discovery Process
- Target Selection: Focus on high-impact, widely-used projects.
- Testing & Notification: Complete penetration testing within three weeks and notify the project team.
- Assist Remediation: Provide support to help patch vulnerabilities.
- Public Disclosure: If the project takes no action within three weeks, partial vulnerability disclosure will occur to protect the ecosystem.
Elite Team — Global Top White Hats & Industry-Authority Organizations
This initiative is led by BitsLab, collaborating with 20–30 globally renowned white-hat hackers and multiple CTF champion team members. They possess not only world-class competition records but also extensive practical experience in penetration testing.
We have gathered top white hats who regularly rank at the top of platforms such as HackerOne, Immunefi, Baidu SRC, Alibaba SRC, and Tencent SRC, and who have submitted hundreds of critical and high-risk vulnerabilities to leading internet companies like Google, Alibaba, Tencent, Alipay, Baidu, and major global exchanges including Binance, OKX, and Bitget.
Collaborative Bug Bounty: Multi-party collaboration enabling world-class hackers to jointly secure the Web3 ecosystem.
Efficient Coordination: BitsLab provides one-stop management and communication, saving time and cost for project teams.
White-hat hackers interested in joining, please click the link below to apply 👇
https://docs.google.com/forms/d/e/1FAIpQLSf5hy1kuSknT6L4dcFqx3aAyKYOabm13HTzzTPbFq-nGoFnLQ/viewform?usp=sharing
Proven Strength, Trustworthy Expertise
Extensive Experience: We've supported over 400 security solutions, audited more than 40 million lines of code, and protected assets exceeding $8 billion.
Notable Cases: Successfully discovered and fixed critical vulnerabilities in mainstream projects such as Sui, TON, Aptos, Move, and Uniswap. In penetration testing, we reported an interface data leak at a top-tier exchange, preventing privacy exposure for nearly 100,000 users; submitted an account takeover vulnerability in a major foreign tech company's system, protecting sensitive information; reported a remote code execution flaw at a large domestic tech firm, blocking external intrusions and preventing significant financial loss; assisted a major automotive company in investigating a watering-hole attack targeting employees, successfully reproducing the attack method and preventing data breaches and asset loss.
Deep Web3 Expertise: Specializing in auditing emerging ecosystems, covering popular areas including Sui, Aptos, TON, Linea, BNB Chain, Soneium, Starknet, Movement, Monad, Internet Computer, Kaia, Solana, and others.
Industry Recognition: BitsLab’s TonBit has been officially recognized by the TON blockchain as a primary Security Assurance Provider (SAP). Core teams at Aptos, Sui, and Movement have publicly acknowledged and praised our security work.
Security is never just about smart contract audits; the future of Web3 demands broader protection! BitsLab is committed to delivering comprehensive "non-contract-level" security for exchanges, wallets, GameFi, SocialFi, and all projects exposing APIs and infrastructure. We welcome all project teams to actively participate and join us in building a resilient defense to safeguard the future of Web3!
The final interpretation of this penetration testing program belongs to BitsLab.
Join the "Web3 Bug Bounty Program" today, stand alongside global top white hats, and together secure the future of the Web3 ecosystem!
About FORKS
FORKS is a decentralized white-hat community dedicated to Web3 security, aiming to unite global elite vulnerability researchers to protect the blockchain ecosystem through technical expertise. Strategically supported by BitsLab, FORKS focuses on cutting-edge areas such as smart contracts and virtual machines, driving the transition of traditional security talent into Web3.
About BitsLab
BitsLab is a security organization committed to protecting and building emerging Web3 ecosystems, with a vision to become a respected leader in the Web3 security industry. It operates three sub-brands: MoveBit, ScaleBit, and TonBit.
BitsLab specializes in infrastructure development and security audits for emerging ecosystems, covering but not limited to Sui, Aptos, TON, Linea, BNB Chain, Soneium, Starknet, Movement, Monad, Internet Computer, and Solana. Additionally, BitsLab demonstrates deep expertise in auditing multiple programming languages, including Circom, Halo2, Move, Cairo, Tact, FunC, Vyper, and Solidity.
The BitsLab team brings together several top-tier vulnerability research experts who have won numerous international CTF awards and discovered critical vulnerabilities in well-known projects such as TON, Aptos, Sui, Nervos, OKX, and Cosmos.














