in

Riot will pay you $100K to find new League of Legends bugs

Lux in Demacia League of Legends

Hackers, get ready! Riot Games wants you to find security issues and bugs in League of Legends and other games for a possibly tremendous cash reward.

League of Legends, Valorant, and other Riot Games titles have had their fair share of game-disrupting issues over the years. Some bugs, however, pose a greater threat to actual security, rather than just being annoying. To try and mitigate future issues, Riot is offering a potentially massive bounty to those who can find these security risks.

What counts as a $100,000 bug? And how do interested parties sign up?

Here are the qualifying bugs and rewards

Riot is looking for several different kinds of bugs across League of Legends, Valorant, and other games.

The company is the most concerned about finding ways that bad actors can access and exploit user data. As such, all reports must relate to products that Riot Games has control over rather than larger network or service issues. Riot is mainly interested in bugs related to the following categories:

  • Player experience denial of service
  • Vanguard exploits
  • Vulnerabilities in the Hypexi infrastructure
  • Standard cheats or exploits
  • Content acquisition exploits
  • General infrastructure and client-side vulnerabilities

Qualifying bugs can earn the finder a bounty from $250 to $100,000, depending on the severity. Bugs that affect players in multiple game sessions are worth more, as are those that focus on the anti-cheat Vanguard. Targeted in-game session disconnections and Vanguard network attacks carry the largest rewards.

Riot games personified with Vanguard as casting an evil spell

Additionally, reports that have easy-to-follow reproduction steps, have clear details about how the bug can be exploited, and avoid accessing player data without permission are more likely to earn bounties. Riot pays out rewards at its own discretion, and the actual amount may vary.

How to sign up to find bugs in League of Legends and other Riot games

Currently, those who want to participate in finding bugs for League of Legends and Valorant need to be invited.

All parties have been instructed to keep their involvement and bugs they find a secret. Violating this agreement runs them the risk of forfeiting any bounty earned. At this time, Riot has not clarified how they select participants. Cybersecurity company HackerOne co-runs the program and could be involved in recruiting people.

For those who aren’t part of the selective team dedicated to finding bugs for Riot, they can still report any issues they have through their account or by submitting a ticket. They just won’t get the $100,000 bounty.

Written by M Alzamora X Twitter Logo

M Alzamora is partial to indie games and Pokemon, but loves to learn more about other games and genres. She collects every Eevee and Eeveelution in Pokemon Home, and that's in addition to her giant stuffed Leafeon and smaller stuffed Piplups. Her previous work has been seen on Working Classicists and in the From the Sublime zine. You can find her on X / Twitter at @mkalza_writes.

Asmongold Tectone

Asmongold talks Tectone allegations, contradicts story on OTK exit

League of Legends Noxus lore Arcane

What you should know about Noxus before the next Arcane spinoff