Your security is our priority
User security has always been our priority and concern at Kryll.
Since the earliest version of our whitepaper we committed to a quarterly external security audit of the whole platform to ensure a maximum security.
We built up the Kryll platform with security in mind (using industry standard hardware or software protections, consulting with security professionals, enforcing 2FA on the platform, etc ...), but before the release of our first version (the Funder Edition many of you are already enjoying), we have hired the services of HackerOne to get an external, unbiased assessment of the platform security, and upgrade it if needed. Security researchers hunted for vulnerabilities in the kryll.io platform for two weeks and reported them to us through the HackerOne platform so we could fix them before the release.
What is HackerOne ?
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be exploited. More Fortune 500 and Forbes Global 1000 companies trust HackerOne than any other hacker-powered security alternative. The U.S. Department of Defense, General Motors, Google, Twitter, GitHub, Nintendo, Lufthansa, Dropbox, Qualcomm, Starbucks and many more have partnered with HackerOne to resolve over 80,000 vulnerabilities and award over $35M in bug bounties.
HackerOne was founded by security leaders from Facebook, Google and Microsoft.
Security Challenge
From its community of over 200,000 hackers, HackerOne curated a set of top-tier researchers to focus on identifying vulnerabilities on kryll.io platform. From August 23rd, 2018 to September 7th, 2018 nearly 40 ethical hackers have tested our production platform and hardware for security vulnerabilities in a HackerOne Challenge, also known as a crowd-sourced penetration test, more details about challenges can be found here.
Audit Result
During the security researchers’ two weeks of testing, a total of 4 vulnerabilities (1 medium and 3 low risk based on the industry-standard CommonWeakness Enumeration taxonomy) were identified on https://platform.kryll.io which have been fixed in a matter of days by the development team.
Here’s what Eduardo C. Technical Program Manager at HackerOne says about the challenge: “Cryptense was actively engaged during the course of the challenge, fielding questions from hackers and ensuring they have the resources necessary for testing. Conducting the challenge on their production environment speaks to their commitment to security and transparency.”
What is next ?
We have committed to assessing the security of our platform on a regular basis and will follow up on the excellent collaboration with HackerOne by setting up an HackerOne Bug Bounty Program (ongoing as in never-ending) to ensure the platform will always meet our (and your) security standards.
In the meantime, security researchers that would come across a vulnerability can reach us by any of the means mentioned below, or by mail to dev[at]kryll.io.
Be sure to follow us on all our social networks.
Our website: https://kryll.io
Twitter : @Kryll.io
Telegram : https://t.me/kryll_io
Discord: https://discord.gg/PDcHd8K
Facebook : https://www.facebook.com/kryll.io