Acorns Grow, Inc.

  • $200 – $3,500 per vulnerability
  • Safe harbor

Update to Acorns 2FA

Hello Testers!

The Acorns team are currently in the process of updating their application to enforce 2FA across customer accounts. Currently they use "adaptive MFA" which basically means that they use behavior and machine learning to determine when they should challenge a login. For the Bugcrowd testers, if you add bugcrowd to your user-agent string while testing, it will force the system to perform a 2FA challenge.

The Acorns team are very interested in any bugs related to 2FA. Any accepted findings related to 2FA between now and the end of May 2021, Acorns will have an additional $500 add to the reward!

If you have any questions, please reach out to