banner-campaign
Статистика

Crypto Bug Bounty Program

The security of our operations is our highest priority. Whether you are a professional security researcher or a beginner, we welcome your security reports

Security report guidelines

  • Tell us how the vulnerability you've discovered might be used theoretically and practically

  • What steps to take on how the vulnerability can be exploited and how we can reproduce the issue ourselves

  • Use any language you like if you don’t speak English. Our international team will consider your security report in any case

Please remember

  • We don't reward you for the already known vulnerabilities, check the list here

  • "Vulnerabilities" that affect or are present on other major websites will not be rewarded

  • Our SPF record is valid, and we do not deem account deletion a security vulnerability

)

Hall of fame

Thanks to the researchers who have already reported important security issues! Learn the history of our rewards

List of already known vulnerabilities we do not reward for:

  • A missing DNS CAA record

  • Ticket Trick vulnerability

  • The presence of JPEG EXIF metadata

  • Some IPs of our servers are exposed to the internet

  • Plain text passwords are sent to our users via email

Show More