Security is our top priority. We encourage responsible disclosure of vulnerabilities and reward their discovery.
| Vulnerability | Reward |
|---|---|
| Remote code execution | $5000 |
| Manipulation of user balances | $3000 |
| XSS/CSRF/Clickjacking (balances/trading/exchange/deposit) | $2000 |
| Theft of passwords/API keys/personal info | $2000 |
| Partial authentication bypass | $1500 |
| Other financial/data loss vulnerabilities | $500 |
| Other CSRF (except logout) | $500 |
No rewards for DDoS, Self-XSS, Spam, or Social Engineering.
To report, send us an email. We will contact you and resolve the issue as soon as possible.