Crypto Bug Bounty Program

The security of our operations is our highest priority. Whether you are a professional security researcher or a beginner, we welcome your security reports

Security report guidelines

  • Tell us how the vulnerability you've discovered might be used theoretically and practically

  • What steps to take on how the vulnerability can be exploited and how we can reproduce the issue ourselves

  • Use any language you like if you don’t speak English. Our international team will consider your security report in any case

Please remember

  • We don't reward you for the already known vulnerabilities, check the list here

  • "Vulnerabilities" that affect or are present on other major websites will not be rewarded

  • Our SPF record is valid, and we do not deem account deletion a security vulnerability


Hall of fame

Thanks to the researchers who have already reported important security issues! Learn the history of our rewards

List of already known vulnerabilities we do not reward for:

  • A missing DNS CAA record

  • Ticket Trick vulnerability

  • The presence of JPEG EXIF metadata

  • Some IPs of our servers are exposed to the internet

  • Plain text passwords are sent to our users via email

Show More