# Russian Broker Offers $4 Million For Telegram Zero-Day App Attack

A recent development in the world of cyber threats has left experts and users alike on high alert. A Russian broker, known for selling zero-day exploits to private and government organizations, is offering a staggering $4 million for a zero-day exploit attack against the popular messaging app, Telegram.

The offer, which was made via a posting on the X social media platform, is part of an initiative by Operation Zero, a brokerage that specializes in selling zero-day vulnerabilities to Russian organizations. The company has announced rewards totaling $6 million for hackers who can discover zero-days in the Telegram messenger service.

According to Operation Zero, the rewards are as follows:

  • Telegram 1-click RCE (Remote Code Execution) — Up to $500,000
  • Telegram 0-click RCE (Zero-Click RCE) — Up to $1,500,000
  • Tagram full chain — Up to $4,000,000

The offer has sent shockwaves through the cybersecurity community, with many experts expressing concern over the potential implications of a successful zero-day exploit attack on Telegram.

A zero-day vulnerability refers to any previously undiscovered bug that could enable an attacker to do something they really shouldn’t be able to. In the case of Telegram, a zero-day exploit would allow unauthorized, remote, and even no-click access to a system, user, or data. This raises serious concerns about the potential for widespread harm and exploitation.

Telegram has denied that it has ever been vulnerable to a zero-click exploit, stating that its open-source app code and fully documented encryption protocols have allowed numerous researchers to verify the integrity of its security. The company's transparency and commitment to security have made it a leader in the messaging app space.

However, Telegram's competitor, WhatsApp, has faced similar challenges in the past. In January 2024, December 2019, and November 2019, zero-click exploits were discovered in WhatsApp, highlighting the vulnerability of closed-source code and encrypted messaging apps.

The recent offer by Operation Zero serves as a reminder that cyber threats are evolving rapidly, and companies must remain vigilant to protect their users' data and security. As the threat landscape continues to shift, it's essential for individuals and organizations alike to stay informed and take proactive measures to safeguard themselves against these emerging risks.

Update: Telegram spokesperson Remi Vaugh has provided a statement in response to the offer, saying that the company has never been vulnerable to a zero-click exploit. The fact that money is being offered for finding one only shows that they've been unable to. Telegram's open-source app code and fully documented encryption protocols have allowed numerous researchers to verify the integrity of its security. Further, Telegram is the only major messenger that has verifiable builds for both Android and iOS, allowing anyone to verify the apps published to stores are built from that same code.

Stay tuned for further updates on this developing story as more information becomes available.