Security Audits
We received a security audit from Secure3 and have been battle-tested on HackenProof.
Secure3
Secure3 is a battlefield where elite auditors compete to safeguard Web3 innovations against security threats. They have provided security audits for over 140 projects, including zkSync, Polkadot, and more!
All findings have been successfully resolved and published on their site. The audit report can be found here:
Note: Secure3 is currently experiencing technical issues with their content server. We have provided the GitHub link as a secondary option to ensure you can always access the report.
HackenProof
A huge thank you to HackenProof and their incredible ethical hackers who stress-tested our protocol, including @seifelsallamy, @jonas-millard, @hartjustin6 and @cats-are-aliens.
HackenProof is a bug bounty platform that connects blockchain companies with a global community of ethical hackers to uncover security vulnerabilities.
To battle-test our architecture, we’ve launched an open-entry Wallet Cracking Challenge here: https://hackenproof.com/programs/mybucks-dot-online-wallet-cracking-challenge
After a month-long active cracking window, the Honeypot wallet proved its resilience. We have successfully withdrawn the bounty funds. To allow for community verification of our deterministic derivation, the credentials used were:
Passphrase: 3xFbsYA9V*FP
PIN: 225588
In addition to the challenge, we received several constructive reports and architectural reviews from the community. To implement these insights and further harden the security of mybucks.online, we have released a major update. This new version—featuring optimized Scrypt parameters and an enhanced salt generation mechanism—is now the default for all new wallets.
OpenBugBounty
To further our commitment to transparency, we are preparing a public bug bounty program on OpenBugBounty.org, inviting the global research community to help keep us secure.
Vulnerabilities Disclosure Policy
We value the security community and welcome responsible disclosure of potential vulnerabilities. To maintain a secure and collaborative environment, we ask researchers to adhere to the following guidelines:
Do No Harm: Do not attempt to access user funds, disrupt services (DDoS), or extract sensitive data.
Report Privately: Send all findings directly to us via our Open Bug Bounty Program or via email at [email protected].
Give Us Time: Allow us a reasonable timeframe to investigate and remediate the issue before making any information public.
In return, we will acknowledge your contribution on our Security Audits page and provide recommendations on your security profile.
For valuable findings, we will provide a small symbolic gift delivered via our unique 1-Click Wallet feature. This allows you to claim your reward instantly without needing an app or registration.
Building Trust
Our goal is to continuously enhance our product and undergo additional security audits. By obtaining more certifications, we aim to build trust and ensure you can use our product with confidence.