What Happened to the $250,000 GK8 Wallet Hackathon?

  • Three years ago this week, crypto custody platform GK8 offered hackers $250,000 in bitcoin to compromise their cold wallet
  • The story was big news at the time, but the COVID-19 pandemic buried it
  • Did anyone take home the prize, or was the wallet indeed “unhackable”?

Three years ago this week, security company GK8 offered $250,000 in bitcoin to anyone who could hack their new crypto custody platform. Thousands of hackers, white hat and black hat alike, took part in the exercise, which GK8 naturally hoped would let it keep its claim that the platform was “unhackable” rather than watch $250,000 in bitcoin go out the window. The COVID-19 explosion practically buried the results, so let’s revisit what actually happened on the day in question.

Hackers Given Advance Warning of Coin Move

GK8 is an enterprise-grade custody platform that has been designed for institutions such as exchanges and hedge funds to store their crypto. In January 2020 it made a very attractive offer – anyone who could hack its cold wallet containing $250,000 worth of bitcoin within a 24-hour period could take it. The amount was chosen to grab attention – and it worked.

Such was GK8’s confidence that, a week in advance, it publicly disclosed its physical office address, the sender and receiver addresses, and the exact time that the bitcoin bounty would be moved into the wallet. This was to give the hackers “an actual shot at breaking into it.” Employees were escorted some of the way home, and the internal and external office security was beefed up.

Authenticity of the Stunt Questioned

Around two hundred hackers signed up in advance, but on the day in question GK8 was aware of “thousands of users globally downloading, viewing, and going through company information”, presumably in an attempt to get to the wallet. In the end, no one was successful, and GK8 used its success to reinforce its claims that its cold wallets could not be hacked.

Despite its success, not everyone was convinced by GK8’s claims.

So who’s right? Keeping all those hackers at bay for 24 hours was a feat indeed, but hackers don’t normally stop after 24 hours – especially when a crypto exchange or hedge fund is the target. If this had been kept up for a week it would have been a more realistic feat, but there are obvious reasons why this couldn’t be done.

No doubt it was good PR for GK8, but as a proper, real-world test it failed to live up to reality. However, in the three years since the exercise was launched it still hasn’t been hacked, so perhaps they were right all along?
