Vault Challenge

Crack the vault. Keep the funds.

Current Reward

Ethereum Mainnet • Live

+$100/week added to the reward wallet.

Support the Bounty

Donation Address (ETH Mainnet)

0x7fAb2f1b2393f7Aba1663d3847af1d5e0e34892A

Every donation increases the reward. Your ETH goes directly into the challenge wallet.

The Challenge

This is a real VaultKeepR vault, created with the production cryptographic stack — identical to what every VaultKeepR user has. Inside is the private key of an Ethereum wallet containing the reward.

Decrypt it → import the private key → transfer the funds. First to move the funds wins.

Dual-Factor Protection (Account Abstraction)

Like every VaultKeepR vault, this one is protected by two independent factors:

Factor 1

Master Password

Unknown. Must be brute-forced or guessed.

Factor 2

Device Secret Key

32 random bytes stored on the user's device. Unknown to attackers without device access.

Identity Derivation

keccak256(secretKey + ":" + password) → Smart Wallet

The Smart Wallet signs a challenge message. The signature + password are fed into Argon2id.

Both factors are required to derive the Smart Wallet, produce the signature, and generate the encryption key via Argon2id. You need both to decrypt.

Argon2id 64 MiB • XChaCha20-Poly1305 • Account Abstraction • HMAC-SHA256 Commitment • Two-Factor Required

How It Works

password+secret_key
↓ keccak256(secretKey + ":" + password)
Smart Wallet (private key)
↓ sign challenge message
password+hw_signature
↓ concatenation
Argon2id (m=64 MiB, t=3, p=4)
↓ 256-bit key
XChaCha20-Poly1305
↓ decrypt
Reward private key

The Smart Wallet is derived deterministically from the password and a device-bound Secret Key via keccak256. The wallet then signs "VaultKeepR Bug Bounty Challenge -- I authorize this vault encryption" (EIP-191 personal_sign). Neither the Secret Key nor the signature is published.

Cryptographic Parameters

KDF

Argon2id (m=64 MiB, t=3, p=4)

Cipher

XChaCha20-Poly1305

Commitment

HMAC-SHA256 (mandatory v3)

Identity

Account Abstraction (keccak256)

Key Input

password || hw_signature

Key Length

256-bit (32 bytes)

Nonce

192-bit (24 bytes)

Salt

128-bit (16 bytes, random)

Vault Version

3

Chain

Ethereum Mainnet

Wallet Addresses

Reward Wallet (funds inside)

0x7fAb2f1b2393f7Aba1663d3847af1d5e0e34892A

Smart Wallet (KDF input — address only)

0x7C93933A2e25aD767F46bCF4B10dc7D8Ddf33348

Derived from password + Secret Key via keccak256. The Secret Key (32 bytes) is unknown.

IPFS Attestation

Vault published on IPFS

The encrypted vault is pinned on IPFS. You can download it directly from any IPFS gateway.

IPFS CID

QmYQXKLAyzWxKx1kPo1JPzYwAZrhjM1jkUiaW7qmv9ayhg

Encrypted Vault Data

{
  "ciphertext": "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",
  "nonce": "f6d490681e41b998c6865014151a5a711ac293d8dbc5765f",
  "salt": "b91857117e914651ee6ad65e40bad21f",
  "commitment": "8abe4e0c4215510f87a5603b2bf3ed3d9271b0ffe3e6589742d4d28fca1849d8",
  "version": 3,
  "walletAddress": "0x7C93933A2e25aD767F46bCF4B10dc7D8Ddf33348",
  "challengeMessage": "VaultKeepR Bug Bounty Challenge -- I authorize this vault encryption",
  "kdf": {
    "algorithm": "argon2id",
    "m": 65536,
    "t": 3,
    "p": 4,
    "dkLen": 32,
    "saltLengthBytes": 16
  },
  "cipher": {
    "algorithm": "xchacha20-poly1305",
    "nonceLengthBytes": 24,
    "keyLengthBytes": 32
  },
  "commitmentScheme": {
    "algorithm": "hmac-sha256",
    "domain": "vaultkeepr-v3-commitment"
  }
}

Note: neither the Secret Key nor the wallet signature is included above. This is realistic — an attacker accessing a vault on IPFS sees exactly this data. The Secret Key is stored only on the user's device, and the signature must be derived from it.
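Before a client spends the Argon2id work on a downloaded blob, it should check that the blob's declared parameters actually match the v3 scheme described above, so that a tampered copy cannot quietly weaken the KDF or swap the cipher. The validator below is an added example, not code from vaultkeepr-core; the field names follow the vault JSON above, and the minimum parameter floors are an assumption.

```python
# Assumed floors: KDF parameters weaker than the v3 defaults are rejected (anti-downgrade).
MIN_ARGON2_M_KIB, MIN_ARGON2_T = 64 * 1024, 3   # 64 MiB and t=3, as published here
V3_DOMAIN = "vaultkeepr-v3-commitment"

def _hex_bytes(value: str, nbytes: int, field: str) -> bytes:
    # Decode a hex field and insist on the exact byte length the vault declares.
    try:
        raw = bytes.fromhex(value)
    except (ValueError, TypeError):
        raise ValueError(f"{field}: not a hex string")
    if len(raw) != nbytes:
        raise ValueError(f"{field}: {len(raw)} bytes, expected {nbytes}")
    return raw

def validate_vault(v: dict) -> dict:
    if v.get("version") != 3:
        raise ValueError("version: only v3 vaults are accepted")
    kdf, ciph, com = v["kdf"], v["cipher"], v["commitmentScheme"]
    if kdf.get("algorithm") != "argon2id":
        raise ValueError("kdf.algorithm: expected argon2id")
    if kdf.get("m", 0) < MIN_ARGON2_M_KIB or kdf.get("t", 0) < MIN_ARGON2_T or kdf.get("p", 0) < 1:
        raise ValueError("kdf: parameters below the v3 floor (possible downgrade)")
    if kdf.get("dkLen") != 32 or ciph.get("keyLengthBytes") != 32:
        raise ValueError("key length: XChaCha20-Poly1305 takes a 32-byte key")
    if ciph.get("algorithm") != "xchacha20-poly1305" or ciph.get("nonceLengthBytes") != 24:
        raise ValueError("cipher: expected xchacha20-poly1305 with a 24-byte nonce")
    if com.get("algorithm") != "hmac-sha256" or com.get("domain") != V3_DOMAIN:
        raise ValueError("commitmentScheme: unexpected algorithm or domain")
    _hex_bytes(v["salt"], kdf["saltLengthBytes"], "salt")
    _hex_bytes(v["nonce"], ciph["nonceLengthBytes"], "nonce")
    _hex_bytes(v["commitment"], 32, "commitment")      # HMAC-SHA256 output size
    if len(bytes.fromhex(v["ciphertext"])) < 16:       # Poly1305 tag alone is 16 bytes
        raise ValueError("ciphertext: shorter than the Poly1305 tag")
    addr = v.get("walletAddress", "")
    if not addr.startswith("0x"):
        raise ValueError("walletAddress: missing 0x prefix")
    _hex_bytes(addr[2:], 20, "walletAddress")
    return v

# Constructed sample: parameters, salt, nonce, commitment and address are the values
# published on this page; the ciphertext is a placeholder, not the real one.
SAMPLE_VAULT = {
    "ciphertext": "00" * 48, "version": 3,
    "nonce": "f6d490681e41b998c6865014151a5a711ac293d8dbc5765f",
    "salt": "b91857117e914651ee6ad65e40bad21f",
    "commitment": "8abe4e0c4215510f87a5603b2bf3ed3d9271b0ffe3e6589742d4d28fca1849d8",
    "walletAddress": "0x7C93933A2e25aD767F46bCF4B10dc7D8Ddf33348",
    "kdf": {"algorithm": "argon2id", "m": 65536, "t": 3, "p": 4, "dkLen": 32, "saltLengthBytes": 16},
    "cipher": {"algorithm": "xchacha20-poly1305", "nonceLengthBytes": 24, "keyLengthBytes": 32},
    "commitmentScheme": {"algorithm": "hmac-sha256", "domain": "vaultkeepr-v3-commitment"},
}
```

The floor on `m` and `t` matters because the content-addressed CID protects the published copy, but a client that imports a vault from any other channel has only these checks standing between it and a blob rewritten with a cheap KDF.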

Rules

  1. Crypto-only attack surface — social engineering, phishing and server hacking are out of scope.
  2. Source code is public — review the full implementation at vaultkeepr-core.
  3. First to move funds wins — the blockchain is the proof.
  4. No time limit — the challenge remains active until the funds are claimed.
  5. Share your approach — even partial findings help improve security. Use the submission form below.
  6. Reward increases weekly — $100/week added to the wallet, plus community donations.
  7. Realistic conditions — this vault is identical to a real user's vault. No shortcuts, no hints.

Source Code

VaultKeepR/vaultkeepr-core

241+ tests • MIT License • Fully auditable

Submit Your Findings

Found something? Even partial breakthroughs are valuable. Your identity stays confidential.
