Cybersecurity firm Wiz announced on October 7, 2025, the launch of ZeroDay.cloud, a $4.5 million cloud and AI-targeted hacking competition that brings together the biggest names in cloud computing to crowdsource vulnerability discovery. In partnership with Amazon Web Services, Google Cloud, and Microsoft, the competition represents one of the most ambitious collaborative security initiatives in the cloud era — and it has direct implications for the cryptocurrency industry, where cloud infrastructure underpins exchanges, wallet services, and DeFi protocols.
The Threat Landscape
The launch comes at a critical moment. Approximately 75% of cloud environments rely on Redis, the in-memory data store that was revealed this week to harbor a critical vulnerability dubbed RediShell (CVE-2025-49844) with a perfect CVSS score of 10.0. Roughly 330,000 Redis servers are exposed to the internet, and 60,000 of them operate without any authentication. This single vulnerability illustrates the broader problem: cloud infrastructure that underpins crypto platforms is riddled with potential attack vectors that often go unnoticed until exploited. The ZeroDay.cloud competition aims to surface these vulnerabilities before malicious actors can leverage them.
Core Principles
The competition operates on the principle that offensive security research — when conducted ethically and with proper authorization — is the most effective way to identify systemic weaknesses. Wiz’s research arm has structured the competition to reward researchers who discover zero-day vulnerabilities in core cloud services and AI infrastructure. The $4.5 million prize pool signals the seriousness of the investment in proactive defense. For the crypto sector, this is significant because virtually every major exchange, custody provider, and DeFi platform operates on cloud infrastructure. Vulnerabilities in foundational cloud services can cascade into crypto-specific breaches, as demonstrated by the growing trend of infrastructure-level attacks that bypass application-layer security.
Tooling & Setup
Participants in the ZeroDay.cloud competition will have access to sanctioned testing environments provided by AWS, Google Cloud, and Microsoft. This structured approach ensures that security research remains within authorized boundaries while maximizing the chances of discovering real vulnerabilities. The competition framework includes clear rules of engagement, responsible disclosure timelines, and verification processes. For crypto security teams, the existence of such a competition provides a model for how to engage with the broader security research community. Rather than relying solely on internal security audits, platforms can benefit from the collective expertise of thousands of independent researchers who approach infrastructure from perspectives that internal teams may overlook.
Ongoing Vigilance
The ZeroDay.cloud initiative highlights a fundamental truth about modern security: it is a continuous process, not a one-time achievement. The Redis RediShell vulnerability existed for 13 years before discovery, and it affects every Redis version due to its root cause in the underlying Lua interpreter. This kind of latent vulnerability is precisely what ongoing security research aims to uncover. With Bitcoin hovering around $121,450 and the total crypto market cap exceeding $3.8 trillion, the financial incentives for attackers have never been greater. Organizations that treat security as a quarterly checkbox exercise remain vulnerable to adversaries who operate around the clock.
Final Takeaway
The collaboration between Wiz and the three largest cloud providers represents a maturing approach to infrastructure security. For the cryptocurrency industry, where trust in infrastructure is paramount, this kind of proactive vulnerability discovery is essential. Exchanges, custody providers, and DeFi platforms should monitor the competition’s findings closely and ensure their own infrastructure benefits from the lessons learned. The $4.5 million investment in offensive security may well prevent losses that dwarf that amount many times over.
This article is for informational purposes only and does not constitute financial or security advice. Always conduct your own research.
$4.5M prize pool for finding zero-days in cloud infrastructure is a smart move by Wiz. crowdsourced security at scale works
Multi-sig wallets should be the default for everyone in crypto
sats_only_ multi-sig should be default but the UX on hardware wallet + multi-sig setups keeps 95% of users on single-key. convenience always wins over security
Kenji multi-sig UX is getting better with account abstraction. the convenience gap is closing, just not fast enough
Real-time monitoring tools are getting better at catching exploits early
Olga Petrov 60K redis servers with zero authentication exposed to the internet. the redishell CVSS 10.0 was a ticking time bomb
Olga Petrov 60K redis servers with zero auth exposed to the internet. Redishell CVSS 10.0 was a loaded gun and everyone was standing in front of it
redis_patched 60K unauth redis servers exposed and we wonder why DeFi keeps getting drained. cloud hygiene is the unsexy problem nobody wants to fix
The cost of a security breach always exceeds the cost of prevention