The contest was held in two stages. At first, the participants were provided with copies of virtual machines containing vulnerable web services of an online banking system (an analogue of an actual Internet banking system). The participants should detect vulnerabilities in the system within a specified period of time. In the second stage the participants were to exploit the vulnerabilities for unauthorized money withdrawal.
The remote banking system iBank was designed especially for the contest. It contained vulnerabilities that occurs in real life.
Participants had an hour to use the vulnerabilities they had detected during the first stage and to transfer the money from the ATM to their own account. 20,000 rubles were stored in the system.
This year, hackers were about to empty the account of the virtual bank. 17,000 rubles were stolen. Hackers could also attack the accounts of other participants.