Bitfinex Bug Bounty Rewards
Hunt, report, and get rewarded!
Bitfinex believes that establishing relationships with security researchers and nurturing security research is a vital part of our mission to deliver the most advanced, security-enhanced, and trusted trading platform for digital tokens.
In collaboration with the cybersecurity and hacker development community, Bitfinex runs this program to incentivise and reward the responsible disclosure of security vulnerabilities ("Responsible Disclosure"). Bitfinex is always building and pushing out new code, so join our growing research community and help our developers to squash bugs with attractive rewards paid out to successful bugs discovered.
Responsible Disclosure Policy:
To ensure a quick fix, the disclosure as a user or organisation must work with the Bitfinex security and development team in a timely and secure manner. Ensuring any vulnerabilities will be dealt with in the most secure manner, you must:
submit your report once you discover the bug, the fastest way to alert our team is via our form at the bottom of this page;
not share details of the bug in our customer support chat or publicly. If the matter is urgent you can advise the customer support team you have completed the bug report but do not disclose information and we will immediately alert our security team.
make every effort not to interrupt or degrade our service during your investigation.
not harm or defraud Bitfinex systems or our users during your investigation
only target your own accounts during your research for vulnerabilities. Please do not violate the privacy of other users, destroy data, attempt to access or disrupt any other user accounts.
provide written authority from the owner to perform such tasks, if working on behalf of a client or organisation where more than one account is used.
Work with us in good faith by following our responsible disclosure policy ensures no legal action will be taken against you by Bitfinex.
Bug Bounty eligibility & rules:
Please follow our Responsible Disclosure Policy above when working to discover security vulnerabilities and bugs.
You must fully accept and adhere to our terms of service
You must not be a Prohibited Person, such as a citizen or resident of the United States of America, or acting for the benefit of a Prohibited Person
You must not disclose information relating to your discovery publicly before it has been fixed
You must not try to access or damage other users' Bitfinex accounts. When completing the research, you must use your own Bitfinex account
You must not attempt social engineering or phishing techniques on our users or Bitfinex personnel
You must not use software or perform attacks that could affect the stability of our platforms, such as DDOS attacks, spamming techniques or blackhat SEO.
Rewards Policy:
All bounties are priced in $USD and paid in USDt or Bitcoin or any other digital token as determined in Bitfinex's sole and absolute discretion.
We are happy to give you recognition for your collaboration but will respect your privacy if you prefer not to reveal your identity publicly. Bitfinex may, at its sole discretion, honour your skills in its upcoming Hall of Fame, with any bugs appropriate for public disclosure.
We're always looking to meet talented security engineers. Get our attention by joining our Bug Bounty community, sign up!