Bug Bounty

Reward

We do not limit the maximum amount of rewards in any way and can increase the reward depending on the severity of the vulnerability. You are more likely to receive increased rewards if you show how vulnerability can be used to cause maximum harm.

Here is a list of approximate rewards for detecting vulnerabilities:

Remote code execution

$10,000

Manipulating user balances

$10,000

XSS/CSRF/Clickjacking affecting user balances/trading/exchange/deposits

$2,000

Stealing information related to passwords API keys /personal information

$2,000

Partial authentication bypass

$1,500

Other vulnerability with clear potential for financial or data loss

$500

Other CSRF (excluding logout CSRF)

$500

Rewards for DDoS, Self-XSS, Spam and Social engineering attacks will NOT be granted.

Extreme Bounty Range: up to $1,000,000

WhiteBIT offers a higher tier of Extreme bounties of up to $1 million for exceptionally severe vulnerabilities against our platform. While we do not outline exact criteria for extreme bounties given each one being an extreme edge case, these are generally vulnerabilities that could result in a critical compromise of system security or cause a system-wide shutdown. Each submission is evaluated individually by the WhiteBIT team, which retains full discretion over the assessment of impact and reward amount. Rewards in this category may be issued in a combination of stablecoins and fiat funds, depending on the final decision of the WhiteBIT team.

You can familiarize yourself with the subject of verification and the rules of the Bug Bounty program in the Bug Bounty Policy.

Earn rewards

Explore the bug bounty program on HackenProof.com