Esports illustrated

Riot Games Offers 100k Bounty to Hackers

Riot Games is offering bounties of up to $100,000 to hackers who can crack its Vanguard anti-cheat. Here's what we know.

Gabby DeSena

Riot Games is rewarding hackers who can identify Vanguard anti-cheat exploits.
Riot Games is rewarding hackers who can identify Vanguard anti-cheat exploits. / Riot Games

Riot Games is well-known for its strict anti-cheat programs. The company's Vanguard program is intensely effective and has been used in VALORANT since its 2020 release. Now, Riot Games is offering bounties of up to $100,000 to anyone who can crack Vanguard's infamous systems. Here's what we know about Vanguard, Riot Games' bounties, and how hackers can apply for the rewards.

What is Vanguard?

Riot Games vanguard icon
Vanguard's icon is visible in the PC's program tray. / Riot Games

Vanguard is Riot Games' private anti-cheat program. It was originally created for VALORANT, Riot Games' first-person hero shooter. Vanguard is also utilized in League of Legends and Teamfight Tactics as of early 2024.

According to Riot Games, Vanguard is "designed to uphold the highest levels of competitive integrity for our offerings." It is an on-boot application that opens as soon as a player starts their PC. Riot Games notes: "Riot Vanguard was made with Riot Games' dedication to data privacy specifically in mind, and we worked with our legal and compliance teams to ensure it adheres to regional data privacy laws."

Riot Games' 100k Bug Bounty

Riot Games DDoS bounties
Riot Games' new DDoS bounties up the ante for hackers finding Vanguard exploits. / Riot Games

On November 19 2024, Riot Games updated their Bug Bounty page to include new rewards. The company added offerings to include specific bounties for Distributed Denial of Service (DDoS) exploits. These new DDoS bounties range from 500 USD to 100,000 USD. A detailed scope of the bounties is updated on hackerone.com.

How to Claim the Riot Games Bug Bounty

Riot Games' Bug Bounties are located on hackerone.com, a website which offers monetary rewards to white hate hackers who identify software vulnerabilities. Interested hackers can submit vulnerabilities to Riot Games' security team through the website or via email at bugbounty@riotgames.com.

It's important to note that while Riot Games' highest bug bounties amount to 100k, payouts will range depending on a vulnerability's specific category. A "non-traffic volume based Denial of Service" which "affects players only in your in-game session" has the smallest payout at $500-2,500. A "DDoS that can identify and target individual players" and "Targeted In Game Session Disconnection" will net higher bounties up to $100,000.

Hackers will have to verify their claims with Riot Games' security team before receiving a payout. The company states, "If we can validate that the reported issue qualifies for a bounty, we’ll triage it and keep you up to date about the progress towards resolution." In addition, they specify that "If Riot has to implement a code change to fix the security bug, it most likely qualifies for a bounty."

Published
Gabby DeSena
GABBY DESENA

Home/News