On May 18, the Financial Supervisory Service and the Financial Security Agency announced a significant expansion of their bug bounty program aimed at identifying security vulnerabilities in the financial sector. The program will now include virtual asset providers and corporate insurance agencies (GA), increasing the number of participating financial institutions from 32 last year to 70 this year.
The joint initiative, titled the “2026 Financial Sector Security Vulnerability Reporting Reward Program,” aims to proactively identify and address security weaknesses in digital financial services operated by financial companies. Under the bug bounty program, external participants, including white-hat hackers, can report newly discovered security vulnerabilities on financial company websites, mobile apps, and home trading systems (HTS) to receive rewards after evaluation.
This year, the scope of participation has expanded to include not only traditional financial institutions such as banks, investment firms, and insurance companies but also virtual asset providers and GAs. As a result, the number of services eligible for vulnerability detection has increased to 306 across 70 companies, representing a 119% increase from the previous year.
Eligible participants must be South Korean citizens and can apply through the Financial Security Agency’s “Financial Sector Software Supply Chain Security Platform” until August 31. The vulnerability reporting period runs from June 1 to August 31, and rewards of up to 10 million won will be given for each reported vulnerability after evaluation. Additional incentives will be provided to outstanding reporters.
Financial authorities have noted that the need for security assessments is growing due to the increased use of artificial intelligence (AI), cloud transitions, and the spread of open-source software development in the financial sector. The initiative aims to enable financial companies to proactively respond to cyber threats by identifying unknown vulnerabilities early through the involvement of external experts.
* This article has been translated by AI.
Copyright ⓒ Aju Press All rights reserved.