Crypto Bug Bounty Program
The security of our operations is our highest priority. Whether you are a professional security researcher or a beginner, we welcome your security reports
Security report guidelines
Tell us how the vulnerability you've discovered might be used theoretically and practically
What steps to take on how the vulnerability can be exploited and how we can reproduce the issue ourselves
Use any language you like if you don’t speak English. Our international team will consider your security report in any case
Please remember
We don't reward you for the already known vulnerabilities, check the list here
"Vulnerabilities" that affect or are present on other major websites will not be rewarded
Our SPF record is valid, and we do not deem account deletion a security vulnerability
Hall of fame
Thanks to the researchers who have already reported important security issues! Learn the history of our rewards
List of already known vulnerabilities we do not reward for:
A missing DNS CAA record
Ticket Trick vulnerability
The presence of JPEG EXIF metadata
Some IPs of our servers are exposed to the internet
Plain text passwords are sent to our users via email