Home Security Million-dollar bounty offered for Tor exploits

Million-dollar bounty offered for Tor exploits

An exploit vendor has offered a bounty of US$1 million for zero-day exploits that target the Tor browser on Tails Linux and Windows.

The Washington DC-based Zerodium said the offer was open until 30 November.

However, it added a rider: the bounty could be withdrawn if its total payments to researchers reached US$ 1 million.

The million-dollar offer for Tor exploits is for those that work with JavaScript blocked. The default install of Tor allows JavaScript to run and exploits for the browser in this state will earn lower payouts

The Tor browser is used by security-conscious individuals and can be used to access those portions of the Internet known as the dark web.

zerodium million

In a Q and A, the company said it was offering the million-dollar bounty for Tor to make the world a safer place.

"While the Tor network and Tor Browser are fantastic projects that allow legitimate users to improve their privacy and security on the Internet, the Tor network and browser are, in many cases, used by ugly people to conduct activities such as drug trafficking or child abuse," the company said.

"We have launched this special bounty for Tor Browser zero-days to help our government customers fight crime and make the world a better and safer place for all." 

In a FAQ, Zerodium explained that its customers were mainly US Government agencies.

"Zerodium customers are mainly government organisations in need of specific and tailored cyber security capabilities, as well as major corporations from defence, technology, and financial sectors, in need of protective solutions to defend against zero-day attacks," it said.

"Access to Zerodium solutions and capabilities is highly restricted and is only available to a very limited number of organisations."

Last month, Zerodium offered increased bounties for exploits targeting apps used for encrypted messaging.


Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips



Ransomware is a type of malware that blocks access to your files and systems until you pay a ransom.

The first example of ransomware happened on September 5, 2013, when Cryptolocker was unleashed.

It quickly affected many systems with hackers requiring users to pay money for the decryption keys.

Find out how one company used backup and cloud storage software to protect their company’s PCs and recovered all of their systems after a ransomware strike.


Sam Varghese

website statistics

A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.


Popular News