Binance

  • $200 – $10,000 per vulnerability
  • Up to $100,000 maximum reward
  • Partial safe harbor

Program stats

  • Vulnerabilities rewarded 369
  • Validation within 2 days 75% of submissions are accepted or rejected within 2 days

Latest hall of famers

Recently joined this program

Disclosure

Please note: This program or engagement does not allow disclosure. You may not release information about vulnerabilities found in this program or engagement to the public.


For security issues related to cryptocurrencies and their components ONLY:

If you have found a security issue that directly affects a cryptocurrency and/or its components (e.g. blockchain, node, wallet), please ensure that you report it directly to the program.

Non-security related issues:

To report an issue without security impact, please open a support chat at https://www.binance.com/en/support (chat icon is located at the bottom right of the page). Thank you for your efforts in helping keep Binance and its users safe!


About:

Binance is the world’s leading blockchain ecosystem and cryptocurrency infrastructure provider with a financial product suite that includes the largest digital asset exchange by trading volume.

Trusted by millions worldwide, the Binance’s platform is dedicated to increasing the freedom of money for people all around the world, by providing access to broad financial tools across a growing, wide network while maintaining the lowest fees in the business.

Binance’s mission is to be the infrastructure provider to the blockchain ecosystem. Today, Binance is a global blockchain ecosystem spanning across trading services, infrastructure solutions, educational resources, research, social good and charitable programs, investment and incubation initiatives, and more. The Binance ecosystem also includes partners such as Trust Wallet, CoinMarketCap, and more.

For more information, visit www.binance.com

Policy:

At Binance, the security of our users is our number one priority. As such, we strive to provide the most secure platform possible. We will evaluate reported security issues based on the security impact to our users and the Binance ecosystem.

This bounty brief describes the rules of the Binance bug bounty program, as well as the eligibility of vulnerabilities and the rewards.


Rewards/Ratings:

This program takes reference from the Bugcrowd Vulnerability Rating Taxonomy for the prioritization/rating of findings. Prioritization/ratings may vary from the Bugcrowd Vulnerability Rating Taxonomy.

Rewards will be paid out in BNB.

Once your submission is accepted, please provide either of the following to receive your reward.

  • email address registered on Binance
  • your BNB (BSC) wallet address

We suggest researchers create a separate private Binance account, or a Binance Smart Chain wallet.

*Prices will change with the cryptocurrency markets and the dollar amount listed below could change.

Please note that only vulnerabilities with a working proof of concept that shows how it can be exploited will be considered eligible for monetary rewards. Determination of whether a reported issue sufficiently meets the bar for monetary rewards is done at Binance's discretion.

*Binance is eager to work with the community to make sure that every researcher's finding is rewarded fairly - based on the vulnerability's impact on business and overall severity. To this end, it is possible that extraordinarily severe issues or those with extreme impact may be rewarded up to $100,000.

Binance may award an additional reward bonus for exceptional reports. This will be done at Binance's discretion .

Scope and rewards

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please submit through the Bugcrowd Support Portal. We will address your issue as soon as possible.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.