The security of our operations is our highest priority for many reasons: we're dealing with our clients’ money, we must protect our partners' privacy, and we have our own reputation at stake. Either you are a professional security researcher or just a beginner, we welcome your security reports. However we'd love them to be useful and actionable, that's why we have certain recommendations in their regard.
Security report guidelines:
- Please provide the information on how the vulnerability you've discovered might be used both theoretically and practically, what its impact is, and all the pertinent details.
- Please provide the exact steps on how the vulnerability can be exploited and how we can reproduce the issue ourselves. We'd love to see the demonstration of the attack which will not affect our existing users. You may create as many test user accounts as you need.
- Please submit the bug report via our support channels (email or web site widget) but only after you've verified that the bug indeed exists.
- Use whatever language you prefer if you don't feel comfortable writing in English.
We are leaving the monetary reward you'll get for your report to our discretion. The reward will be paid in bitcoins. Please remember that we don't reward for the already known vulnerabilities listed in our Knowledge Base.
We welcome you to help us with finding flaws in our code by clicking “Report a bug” button on the bottom of our website.
Hall of fame
The Hall of Fame is stored in our Helpdesk.
