HomeWhyAboutDiscover
splash


LockBox Hacker Challenge

We've stored a private key controlling $5,000 USDC using LockBox's character-level sharding technology. The key fragments are scattered across our worldwide test network, encrypted, mixed with decoys, and mathematically unbreakable...

Or so we claim.

This isn't a puzzle. This is a real-world security challenge. We're giving you complete access to our test infrastructure. Attack everything. Break anything. Steal the money.

If there's a vulnerability, we want YOU to find it now—before our B2B partners trust us with their customers' keys.

THE CHALLENGE

Target Wallet:
[WALLET ADDRESS - Coming Soon]

Prize Money:
$5,000 USDC on Ethereum

Verify the Funds:
[ETHERSCAN LINK - Coming Soon]

Your Mission:
Extract the private key by any means necessary and transfer the USDC to your wallet.

Challenge Duration:
90 Days

Start Date:
[DATE - Posted Soon]

End Date:
[DATE - Posted Soon]

FULL NETWORK ACCESS

We're not playing games. Here's everything:

Test Node IP Addresses:

  • Node 1: xxx.xxx.xxx.xxx
  • Node 2: xxx.xxx.xxx.xxx
  • Node 3: xxx.xxx.xxx.xxx
  • Node 4: xxx.xxx.xxx.xxx
  • Node 5: xxx.xxx.xxx.xxx
  • Node 6: xxx.xxx.xxx.xxx
  • Node 7: xxx.xxx.xxx.xxx
  • Node 8: xxx.xxx.xxx.xxx
  • Node 9: xxx.xxx.xxx.xxx
  • Node 10: xxx.xxx.xxx.xxx

Technical Documentation:

API Documentation: [Full API Specs - Coming Soon]

Network Architecture: [Architecture Diagram - Coming Soon]

Technology Stack:

  • Operating System: [TBA]
  • Database: [TBA]
  • Encryption: AES-256 with [TBA]
  • Programming Languages: [TBA]
  • API Framework: [TBA]

Attack the servers. Probe the APIs. Map the network. Find the fragments. Break the encryption. We're not hiding anything from you.

BOUNTY STRUCTURE

There is NO LIMIT to how many bounties you can earn. We want to know about every vulnerability, not just the first one.

GRAND PRIZE

$10,000

Steal the $5,000 USDC + Show us how (+$5,000 USDC bonus)

Successfully transfer the funds from the target wallet to your own address, then join our Telegram and prove your method. We'll pay you an additional $5,000 for responsible disclosure.

CRITICAL VULNERABILITIES

$5,000 each

Demonstrate any of these without actually stealing funds:

  • Extract all encrypted character
    fragments from the network
  • Gain unauthorized database access
  • Compromise multiple nodes simultaneously
  • Prove complete key reconstruction capability
  • Demonstrate a viable attack path to private key extraction

HIGH-SEVERITY FINDINGS

$1,000 each

  • Server compromise exposing fragment data
  • API vulnerabilities leaking sensitive information
  • Timing attacks revealing fragment locations
  • Authentication bypasses
  • Privilege escalation exploits
  • SQL injection or similar injection attacks
  • Remote code execution vulnerabilities

MEDIUM-SEVERITY FINDINGS

$500 each

  • Network topology mapping techniques
  • Information disclosure vulnerabilities
  • Node fingerprinting methods
  • Non-critical security misconfigurations
  • Cryptographic implementation weaknesses (theoretical)
  • API rate limiting bypasses

Total Potential Bounties: $25,000+

Multiple findings in the same category will each receive the stated bounty. We want to know about EVERY vulnerability. There is no limit to what you can earn.

THE RULES

ALLOWED:

  • ✅ Network scanning and reconnaissance
  • ✅ Server penetration attempts
  • ✅ API exploitation
  • ✅ Cryptographic attacks
  • ✅ Traffic analysis
  • ✅ Brute force attacks (on systems, not the network via DDoS)
  • ✅ Man-in-the-middle attempts
  • ✅ Reverse engineering
  • ✅ Social engineering attacks (simulated—against the system, not people)
  • ✅ Any technical method to extract the private key

NOT ALLOWED:

  • ❌ DDoS attacks (doesn't prove security, just disrupts testing)
  • ❌ Physical attacks on data centers
  • ❌ Attacks on third-party infrastructure (hosting providers, DNS registrars, payment processors)
  • ❌ Harassing or social engineering LockBox team members
  • ❌ Attacking other participants

If you're unsure if something is allowed, ask in Telegram first.

WHY WE'RE DOING THIS

Because we're about to ask crypto businesses to trust us with their customers' private keys.

We've built what we believe is the most secure private key storage system ever created. Character-level sharding. Worldwide distribution. Decoy fragments. End-to-end encryption. Zero-knowledge architecture.

But beliefs aren't security. Code is.

We need the world's best hackers, penetration testers, and cryptographers stress-testing our system in every way imaginable. Better you break it now for $10,000 than a real attacker breaks it later for millions.

This test environment mirrors our production architecture exactly. If you can break this, you can break production. And we need to know that BEFORE we launch.

HOW TO PARTICIPATE

Join our Telegram community

Introduce yourself and let us know you're participating. Share your approach (or don't—stealth is fine too).

https://t.me/LockBoxio

Review the infrastructure

Study the node IPs, API documentation, and network architecture. Plan your attack vector.

Execute your attack

Use any tools, techniques, or methods. Document everything you try—even failed attempts help us improve.

Submit your findings

Found a vulnerability? Message us in Telegram Telegram with:

  • Description of the vulnerability
  • Proof of concept (screenshots, logs, code)
  • Steps to reproduce
  • Severity assessment

Collect your bounty

We'll verify within 72 hours and pay immediately via cryptocurrency.

Even if you don't crack it, share what you tried. We're learning from every attempt.

RESPONSIBLE DISCLOSURE

Found something critical but don't want to exploit it publicly? We respect responsible disclosure:

  • Contact us privately through Telegram before any public disclosure
  • We'll verify your finding within 72 hours
  • We'll pay the appropriate bounty immediately upon verification
  • We'll credit you publicly (or keep you anonymous—your choice)
  • We'll work with you on a disclosure timeline that gives us time to fix it

We will NOT:

  • Delay payment while we "fix" things
  • Threaten legal action against good-faith security researchers
  • Dispute valid findings to avoid payment

AFTER THE CHALLENGE

If the USDC remains in the wallet after 90 days:

  • ✅ We consider LockBox battle-tested
  • ✅ We publish a comprehensive security report detailing all attack attempts
  • ✅ We migrate to production infrastructure for B2B partnerships
  • ✅ All participants get credited in our security hall of fame
  • ✅ We use learnings to harden our production deployment

If someone successfully cracks it:

  • ✅ We pay them immediately (no disputes, no delays)
  • ✅ We learn from the vulnerability
  • ✅ We fix the issue and assess if we need Challenge v2
  • ✅ We don't launch to B2B partners until we're 100% confident
  • ✅ We publicly thank the researcher who found it

Either way, we win. We either get validation that our system works, or we get education about what needs fixing. Both outcomes make LockBox stronger.

TERMS & CONDITIONS

By participating in this challenge, you agree to:

  • Follow all applicable laws and regulations in your jurisdiction
  • Practice responsible disclosure for any vulnerabilities found
  • Not attack other participants or third-party infrastructure
  • Allow LockBox to publish anonymized data about attack methods (without attribution unless you consent)

This is a sanctioned security test. Participants who follow these rules and disclose vulnerabilities responsibly will not face legal action from LockBox, regardless of what they discover.

This challenge is void where prohibited by law.

WEEKLY SECURITY UPDATES

We'll post progress updates in our Telegram channel:

  • Number of active participants
  • Attack vectors being attempted
  • Interesting findings (non-critical ones we can share publicly)
  • Node security status

Transparency is part of the test.

READY TO HACK?

The network is live. The money is real. The challenge starts now.

The clock is ticking. The funds are there. The infrastructure is exposed.

Can you crack LockBox?

LINKS

  • Join Telegram: https://t.me/LockBoxio
  • API Documentation: [LINK - Coming Soon]
  • Network Architecture: [LINK - Coming Soon]
  • View Wallet on Etherscan: [LINK - Coming Soon]
  • Challenge Leaderboard: [LINK - Coming Soon]

CONTACT

  • General Questions: Ask in Telegram
  • Private Vulnerability Disclosure: DM @LanceParker in Telegram
  • Bounty Payment Questions: lance@lockbox.io

Challenge Status: LIVE

This is a time-limited security challenge. The infrastructure, bounties, and challenge rules are subject to change at LockBox's discretion.

Current bounty pool: $25,000+

THE BOTTOM LINE

We're putting our money where our mouth is.

We claim to have built unhackable private key storage. Now we're giving the world's best hackers 90 days and every tool they need to prove us wrong.

If we're right, we've earned the trust of the crypto industry.

If we're wrong, we've learned what needs fixing before real money is at stake.

This is how serious security is done.

Are you good enough to crack it?