Hack the Bank.
Drain the Vault.

A CTF platform where the goal is to exploit real web vulnerabilities to steal $10,000,000 from the bank vault.

Create Account View Challenges
💰 Vault Reserves $10,000,000
Goal: drain it to $0
🎁
Promo Code
Register and use the promo code HACK2024 to get $1,000 in starting funds.
🔓
6 Vulnerabilities
SQL Injection, IDOR, Negative Transfers, JWT Forgery, Race Conditions, Command Injection.
🏆
Leaderboard
Race against other hackers to drain the vault first. Top balance wins.

Challenge Overview

# Challenge Vulnerability Difficulty Reward
1 Broken Gates Login Bypass Easy $500,000
2 Identity Crisis IDOR — Insecure Direct Object Reference Easy $1,000,000
3 Negative Equity Business Logic Transfer Failure Medium $2,000,000
4 Token Trouble JWT Algorithm Confusion (alg:none) Medium $2,000,000
5 Lightning Round Race Condition Hard $2,500,000
6 Shell Shocked OS Command Injection Hard $2,000,000

National Bank Of Spain — For educational/CTF use only — All vulnerabilities are intentional

Use promo code HACK2024 after registering to claim your $1,000 starting bonus