South Korea Expands Financial Bug Bounty Program to Crypto Firms, Insurance Agencies

South Korea’s Financial Supervisory Service will expand this year’s financial-sector bug bounty program to include virtual asset service providers and corporate insurance agencies, among others.

The Financial Supervisory Service and the Financial Security Institute said on May 18 they will run the 2026 Financial Sector Bug Bounty program to strengthen the sector’s response to cyber threats.

Under the program, outside security experts and white-hat hackers can identify and report vulnerabilities in financial companies’ websites, mobile applications and home trading systems. Rewards are paid after a review.

The Financial Supervisory Service more than doubled the number of companies subject to vulnerability checks to 70 from 32. The number of services covered rose to 306.

Virtual asset service providers and corporate insurance agencies, or GAs, were newly added in the latest expansion.

Applicants can sign up through the Financial Security Institute’s financial-sector software supply chain security platform through Aug. 31. Any South Korean citizen is eligible to participate, and rewards of as much as $7,200 will be offered.

The Financial Supervisory Service said the program will help strengthen the financial sector’s preemptive security response system.

“This bug bounty program is part of preventive digital risk supervision measures,” Lee Jong-oh, deputy assistant governor for digital and IT at the Financial Supervisory Service, said. It will give financial companies a chance to identify and address potential security vulnerabilities on their own, he added.

He also said the use of white-hat hackers’ collective intelligence should help strengthen the sector’s overall security response capabilities against increasingly sophisticated cyber threats.