Awards paid out to anyone who produces verified evidence.
When fixed, start the bounty again.
If hacks take 12 months, each year the bounty could build to values that would attract the best code breakers. It should become harder to break things after fixes.
You want to build up a $1m, or even $10m, bounty over time to make a statement about security.
In theory it should not be difficult provided the money incentives are there.
Kristov Atlas identified a Sybil attack on the mixing parties as a possible weakness when he did his review.
Back then the number of mixing parties was 2, to increase speed. But with 2 it is very easy to identify the other party. So the number of mixing parties went up to 3 to fix that. But 3 is still low and can be Sybil-attacked. All one has to do is run multiple Sybil mixing-party bots, all day long, to "catch" those mixing. The cost of doing so would be the fees paid to do all the mixing. Now, if you have this thing running all the time, at some point you'll catch someone who is mixing alone and you can pretend to be all his other mixing partners. At that point you have verifiable evidence that at least one tx got deanonymized. Your bounty prize will easily exceed the fees paid.
Sybil-attacking the mixing parties is much cheaper than Sybil-attacking masternodes. And this needs fixing.
Now send me the bounty
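The cost argument in the post above can be put into numbers. The script below is an added illustration, not code from the original post or from any mixing implementation: it models a mixing pool of honest users and Sybil bots, draws sessions of `n_parties` participants uniformly from that pool (an assumption; a real implementation may match participants differently), and computes both the exact probability that a session contains exactly one honest user (the case where the bots are all of that user's partners) and the expected fee the attacker pays per deanonymized transaction. A Monte Carlo run cross-checks the closed form. Pool sizes, the fee value and the 2-party versus 3-party comparison are constructed inputs, not measurements of any live network.

```python
"""Sybil attack on a small-party mixing session: exact odds and fee cost.

Model (assumed, for illustration): a pool of `honest` real users and `sybil`
attacker-controlled bots; every session draws `n_parties` distinct members
uniformly at random. The attacker learns a user's input/output link whenever
that user is the only honest member of the session. Each bot pays `fee`
per session it joins, including sessions made up entirely of bots.
"""
from fractions import Fraction
from math import comb
import random


def p_session_deanonymized(n_parties, honest, sybil):
    """Exact probability that a random session has exactly one honest member.

    Count sessions with one honest slot and n_parties-1 sybil slots, divided
    by all possible sessions of n_parties drawn from the whole pool.
    """
    total = honest + sybil
    if n_parties < 2 or n_parties > total:
        raise ValueError("session size must be between 2 and the pool size")
    return Fraction(honest * comb(sybil, n_parties - 1), comb(total, n_parties))


def expected_fee_per_deanon(n_parties, honest, sybil, fee):
    """Expected attacker fee spend per deanonymized user, or None if impossible.

    The attacker pays `fee` for every sybil slot in every session, so the
    per-session spend is fee * E[sybil slots] = fee * n_parties * sybil / pool.
    Dividing by the per-session success probability gives spend per success.
    """
    p = p_session_deanonymized(n_parties, honest, sybil)
    if p == 0:
        return None  # not enough bots to ever fill n_parties-1 slots
    expected_sybil_slots = Fraction(n_parties * sybil, honest + sybil)
    return expected_sybil_slots * fee / p


def simulate(n_parties, honest, sybil, fee, rounds, seed=1):
    """Monte Carlo cross-check: returns (deanonymized sessions, total fees paid)."""
    rng = random.Random(seed)
    pool = ["H"] * honest + ["S"] * sybil
    deanon = 0
    fees = 0
    for _ in range(rounds):
        session = rng.sample(pool, n_parties)
        sybil_slots = session.count("S")
        fees += sybil_slots * fee          # every bot in the session pays
        if sybil_slots == n_parties - 1:   # exactly one honest participant
            deanon += 1
    return deanon, fees


def main():
    honest, fee = 10, 1  # constructed pool and fee unit
    for n_parties in (2, 3):
        for sybil in (5, 10, 20):
            p = p_session_deanonymized(n_parties, honest, sybil)
            cost = expected_fee_per_deanon(n_parties, honest, sybil, fee)
            print(f"parties={n_parties} honest={honest} sybil={sybil}: "
                  f"P(deanon per session)={float(p):.3f} "
                  f"fee per deanon={float(cost):.2f}")
    deanon, fees = simulate(3, honest, 10, fee, rounds=20000, seed=7)
    print(f"simulated: {deanon} deanonymized in 20000 sessions, fees paid={fees}")


if __name__ == "__main__":
    main()
```

Going from 2 to 3 parties only requires the attacker to fill one more slot per session, so with a bot share comparable to the honest population the per-session success rate drops from roughly the bot fraction to roughly its square, and the fee per deanonymized transaction stays in the range of a few mixing fees. Whether that spend is worth it depends entirely on the bounty size, which is exactly the point the post makes.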