Menu Icon
< back to main
 • 2 min read

Capture the Coin

At Cobalt, we’re constantly thinking about how we can take application security to the next level. Today, we’re excited to launch Capture...

Capture the Coin
Jacob Hansen
Jacob Hansen

Jacob Hansen is Co-founder and Chief Executive Officer at Cobalt. Jacob and his team are on a mission to evolve the traditional pentesting model by engaging the best cybersecurity talent, via Cobalt’s PtaaS platform, and allowing customers to move from a static pentest to platform-driven pentest programs that drive better security and improve ROI.

Want to see the platform in action?
get a demoArrow Right
Want to see the platform in action?
get a demoArrow Right

Capture the Coin

At Cobalt, we’re constantly thinking about how we can take application security to the next level. Today, we’re excited to launch Capture the Coin (#CTC), a contest that will allow us to experiment with a bitcoin bounties hidden within the Cobalt platform.

What is Capture the Coin?

Our Capture the Coin contest is a challenge similar to traditional Capture the Flag contests within the security community. Instead of capturing a flag, however, participants can capture bitcoin private keys hidden in parts of our web application that are inaccessible to regular users.

Anyone who finds a key can claim the bitcoin as a reward.

As part of our contest, we have created three bitcoin addresses and deposited rewards of 1.5 BTC, 1.0 BTC and 0.5 BTC respectively.

Experimenting with Bug Bounties

Because of its flexibility as a technology protocol, bitcoin enables us to experiment with monetary rewards in new ways like allowing us to build rewards directly into our website. To detect intrusion, we can set up automatic notifications when we see movements on specific bitcoin addresses, thereby building a monetary layered intrusion detection system.

For security researchers, a few of the advantages of hunting bitcoin private keys are that:

  • testers are rewarded immediately with minimal fees,

  • and testers do not have to wait for a third party to validate a bug report before claiming the reward.

If you are a security researcher who captures the coin, please let us know! We would love to recognize your efforts, and learn how you did it. If you participate in Capture the Coin and find any other vulnerabilities in the Cobalt platform, please submit those through our regular bug bounty program here.

Go Capture the Coin!

#CTC

Related Stories

Cybersecurity Statistics for 2021
Cybersecurity Statistics for 2021
What's new in ransomware, social engineering, and many other security threats
Read moreArrow Right
The State of Pentesting 2021: Common Vulnerabilities, Findings, and Why Teams Struggle With Remediation
The State of Pentesting 2021: Common Vulnerabilities, Findings, and Why Teams Struggle With Remediation
Each year, we publish The State of Pentesting report to provide a detailed overview of vulnerabilities and identify the trends and hazards that impact the cybersecurity community.
Read moreArrow Right
How to Build Resilience in Cybersecurity: 4 Lessons Learned From Military Experience
How to Build Resilience in Cybersecurity: 4 Lessons Learned From Military Experience
What better group to turn to for advice than security leaders who have worked on the front lines of risk and uncertainty?
Read moreArrow Right
New Ebook: Beginner’s Guide to Compliance-Driven Pentesting
New Ebook: Beginner’s Guide to Compliance-Driven Pentesting
Find out more about the role of pentesting in your company’s compliance effort.
Read moreArrow Right

Never miss a story

Stay updated about Cobalt news as it happens