Vulnerability Rewards Program - Report A Problem

Security Vulnerability Submissions and Rewards

We want to hear about security vulnerabilities in our products and services. In order to reward security researchers, we offer rewards for eligible security vulnerability reports that are disclosed to us. To honour all cutting-edge external contributions that help us keep our product safe, we conduct a Vulnerability Reward Program. The goal of this program is to collect significant vulnerabilities that have a direct and demonstrable impact. "Vulnerability" refers to any bug, flaw, behavior, output, outcome, or event within an application, system, or service which can bring risks or increase security exposures.

Submissions must meet the
following criteria

Identify a new vulnerability

Identify a vulnerability that has not been previously reported to our team.

Must be a critical vulnerability

The vulnerability severity must be critical or important. This means it has to be a significant threat.

Show us how to fix it

You must include clear and concise steps to understand and fix the issue in text or video format.

Meets all legal obligations

You cannot violate any applicable laws, regulations, policies or third party’s right, and submission data must be your own.

Kept confidential

You should not expose the issue to any other party without our prior written consent.

Earn up to $3000 USD

Minerplus: Up to 3000 USD

Vulnerability examples: Code execution, logic vulnerability, denial of service, access acquisition, or injection.

Bitdeer: Up to 3000 USD

Vulnerability examples: Access acquisition, data breach, code execution, injection, unauthorized access, and denial of service.

Other: Up to 1500 USD

Other security vulnerabilities or intelligence vulnerabilities assessed according to factors like the importance of the service and exploitability

vulner_earn_up
vulner_reporting

Reporting a vulnerability

Submit your report by email to [email protected] with the email title format: (date)_(reporter's name)_(short description). For example, "20210719_John_SQL injection in Website". This format is a mandatory condition for your report. Please note that by submitting us a vulnerability report, you grant us a perpetual, worldwide, royalty-free, irrevocable and non-exclusive right to use, modify, and incorporate your submission into our products, services, or test system without any further obligations or notices to you. Read more about our Terms & Conditions