SPIRITCYBER25: Live IoT Hackathon in Singapore

SPIRITCYBER 2025: Hacking Smart Devices at a National Scale

Organised by the Cyber Security Agency of Singapore (CSA) in partnership with YesWeHack, SPIRITCYBER25 is a IoT hackathon that invites security researchers around the world to test, break, and report vulnerabilities in real smart devices used across Singapore, one of the most connected cities in the world.

Now in its third edition, SPIRITCYBER reflects Singapore’s continued commitment to strengthening the security of its Smart Nation infrastructure. As part of a broader national strategy to collaborate with the global ethical hacking community, this initiative aims to proactively identify and address vulnerabilities in connected technologies, ensuring greater security and reliability for the individuals, businesses and public services that use these systems every day.

Event Structure

Phase 1: Online Qualifiers

🎯 15 September – 15 October 2025
Participants will receive remote access to testbeds of smart devices deployed in Singapore. This is a 4-week challenge where participants are allowed to conduct reconnaissance and submit artefacts of your exploits.

  • The vulnerabilities must be unknown, unpublished, and/or not previously reported to CSA.
  • Submissions will be reviewed based on technical impact and creativity.

Phase 2: Live Finals in Singapore

🏁 22–23 October 2025 @ Marina Bay Sands
Top performers will be invited to Singapore to take part in a two-day live hacking competition during Singapore International Cyber Week (SICW).

  • Up to 3 members per team will receive a travel allowance* to subsidise flight and accommodation.
  • Teams will be testing the physical IoT targets onsite in a race against time.

Rewards and Target Categories

💰 Featuring a USD 50,000 prize pool awarded across three categories:

1. Military Drones

2. Industrial Surveillance Cameras

3. Smart Home & Personal Devices

Prizes will be awarded to teams who can demonstrate the most novel exploit to successfully compromise the target devices in the different categories. In case of a tie, the prize allocated for the target is split between the first two valid entries submitted.

Showcase Your Skills Live

Finalists will not only test their skills onsite with the physical IoT devices, but also engage directly with CSA’s IoT security team, the experts behind the program. The event will kick off with an opening keynote by Singapore’s Acting Minister for Transport, Mr Jeffrey Siow, and will be covered by both local and international media. For those who thrive on technical challenge, collaboration and tangible impact, SPIRITCYBER25 is an opportunity you don't want to miss!

🔗 Submit your details via this form to register your interest

About YesWeHack

YesWeHack is a leading Bug Bounty and Vulnerability Management Platform used by hundreds of organisations and tens of thousands of bug hunters worldwide. Built and run by ethical hackers since 2015, our Bug Bounty platform offers fast, in-house triage, fair rewards and prompt payouts, and compliance with stringent EU data security laws.

YesWeHack manages hundreds of private and public programs and holds regular Live Hacking Events. Bug Bounty programs include Tencent, Swiss Post, Orange France and the French Ministry of Armed Forces.

Bug hunting is boosted by YesWeHack’s CTF playground/training platform (Dojo), various bug hunting tools, responsible vulnerability disclosure platform (ZeroDisclo.com), non-partisan Bug Bounty/VDP search engine (FireBounty.com), and a blog featuring technical tips and interviews.

Find out more at www.yeswehack.com and via X, LinkedIn, YouTube and GitHub.