Security Vulnerability Submissions

At Bitdeer, the security of our customers' digital assets and global infrastructure is our highest priority.While we engineer our solutions for robust security, the complexity of our ecosystem means vulnerabilities may still arise. We believe a strong partnership with the security community is essential, and we invite you to help us identify and resolve these issues. We deeply value your expertise in responsible disclosure and your vital contributions to protecting our users worldwide.

Vulnerability Scope

Upon detection of a suspected vulnerability, please notify us as soon as possible. The vulnerability should be of critical or impor tant severity, posing to be a significant t hreat.

Types of qualifying vulnerabilities

SQL Injection (SQLi)
Persistent Cross-Site Scripting (XSS)
Remote Code Execution (RCE)
Insecure Direct Object Reference (IDOR)
Horizontal and vertical privilege escalation
Authentication bypass & broken authentication
Business Logic Errors vulnerability with real security impact
Local files access and manipulation (LFI, RFI, XXE, SSRF)
Cross-site Request Forgery (CSRF) with real security impact
Exposed secrets, credentials or sensitive information on an asset under our control

Types of non-qualifying vulnerabilities

cookie flags, HTTP Strict Transport Security Header)
Clickjacking/UI redressing
Known CVEs without working PoC
Social engineering of staff or contractors
Vulnerabilities affecting outdated browsers or platforms
Expired certificate, best practices and ot her related issues for TLS/SSL certificates
Invalid or missing SPF (Sender Policy Framework), DKIM, DMARC records
Unauthenticated / Logout / Login and ot her low-severity Cross-Site Request Forger y (CSRF)
Lack of rate-limiting, brute-forcing or captcha issues Other unexploitable vulnerabilities
Other unexploitable vulnerabilities