720 832
$ 37 650. 75
+ 2.28 %

Shamir Secret Backup Scheme Bug Bounty

The New Bug Bounty program for Shamir Secret Backup Scheme starts at the international cybersecurity conference ZeroNights X, which will be held on 25 August 2021 in Saint Petersburg, Russia. You can submit your bug reports starting from June 10, at the conference we will reward participants who have found flaws and vulnerabilities in the implementation of this scheme. Also, if you can hack the scheme completely, then the main reward is already waiting for you at the bitcoin address.

To submit a bug report, open an issue on GitHub in a specific implementation in the PyBTC Python library or the JsBTC Javascript library.

Main reward

An additional 1 BTC will be paid for disclosing the attack method, which allowed to compromise the presented implementation of the secret sharing scheme.

Bug rewards

0.1 BTC - Any bug in the implementation of the presented secret sharing scheme that can lead to loss of access and the inability to recover the original mnemonic phrase.

from 0.05 BTC - Any other significant implementation bug. The exact reward amount is determined after analyzing the significance of the bug.


The 12-word original mnemonic code was split using the Shamir Secret Sharing scheme with 3 out of 5 threshold schemes were used. This means that any three shares are sufficient to restore the original mnemonic code. The goal is to break the Shamir Secret Sharing scheme or break the implementation of software for SSSS. We publish 2 of 3 shares needed to restore the original mnemonics.

Share 1:
Share 2:

In case of success your 1 BTC will waiting for you at m/84'/0'/0'/0/0 path. We use this mnemonic tool to split code.

Details about used implementation of Shamir secret scheme you can find here:

Exact software implementation you can find here:

Additional information

Armory wallet shamir scheme vulnerability:

HTC Exodus phone shamir scheme vulnerability:

Bug report from https://github.com/onvej-sl: