Riot Games offers $100k bounty to expose hackers in LoL & Valorant

Cande Maldonado
Vanguard protecting LoL and Valorant

Riot Games is putting its money where its mouth is, offering up to a cool $100,000 to anyone who can poke holes in their anti-cheat system, Vanguard, which protects League of Legends and Valorant.

It’s a bold move in Riot’s ongoing crusade to squash hackers and keep matches fair. Riot’s been pouring resources into anti-cheat measures for years, and Vanguard is the crown jewel. Hackers are much less of an issue in Riot’s games than, for instance, Call of Duty.

It runs at the kernel level – basically, the deepest part of your PC – to spot cheats before they can ruin the game. Sure, it’s led to a safer playing field, but some players are side-eyeing it for privacy reasons. Still, there’s no denying its success against everything from aimbots to shady hardware exploits.

Now, Riot is upping the ante with a bounty program that’s basically inviting ethical hackers to do their worst.

Riot pays you to find Vanguard exploits in LoL and Valorant

Vanguard working

As shown in a listing on HackerOne, Riot is ready to reward those who can find exploitable vulnerabilities. In case you’re unfamiliar with this company, it connects organizations with ethical hackers to help find and fix security flaws.

It’s like a matchmaking service for hackers and companies who want to beef up their digital security. Big names in gaming like Rockstar Games and Epic Games also use HackerOne to run their own bug bounty programs.

Riot has been on HackerOne for a while, but they’ve recently bolstered their efforts when it comes to finding Vanguard vulnerabilities and are offering up more cash than ever to those who can find and report game-breaking exploits.

Here’s what you can earn if you manage to crack the code on some of their highest bounties:

  • Network Attack with No User Interaction:
    • Kernel-Level Code Execution: Up to $100,000
    • Unauthorized Data Access: Up to $75,000
  • Network Attack Requiring User Interaction:
    • Kernel-Level Code Execution: Up to $75,000
    • Unauthorized Data Access: Up to $50,000
  • Local Attack for Privilege Escalation:
    • Kernel-Level Code Execution: Up to $35,000
    • Unauthorized Data Access: Up to $25,000

This program is Riot’s way of doubling down on their anti-cheat commitment. By incentivizing researchers to find Vanguard’s soft spots, they’re hoping to patch potential vulnerabilities before malicious hackers get the chance.

But there’s a catch: the bounties are only for exploits within Vanguard’s kernel-level driver. To cash in, hackers need to submit a solid proof of concept and follow strict rules. And, if they speak publicly about the exploit they found, they’ll be ineligible to cash in on that bounty.

By throwing serious cash at this initiative, Riot isn’t just defending their games; they’re setting the bar for the gaming industry. Crowdsourcing security is the new standard, and Riot’s not afraid to ruffle a few feathers to keep the playing field level.