- $200 – $10,000 per vulnerability
- Up to $100,000 maximum reward
For security issues related to cryptocurrencies and their components ONLY:
If you have found a security issue that directly affects a cryptocurrency and/or its components (e.g. blockchain, node, wallet), please ensure that you report it directly to the program.
Non-security related issues:
To report an issue without security impact, please open a support chat at https://www.binance.com/en/support (chat icon is located at the bottom right of the page). Thank you for your efforts in helping keep Binance and its users safe!
Binance is the number one cryptocurrency exchange, operating in many places throughout the world. Specializing in crypto-to-crypto transactions, we provide access to hundreds of digital currency pairs. As a leading exchange platform, we prioritize security, liquidity, and speed, while maintaining some of the lowest fees in the industry. We strive to give our users the best experience possible, also providing access to some of the latest blockchain/DLT technologies available, with new cryptocurrencies being listed frequently.
Binance stands for “Binary Finance”, integrating digital technology with finance. Just as the name suggests, we are digital currency enthusiasts, with more than 20 years of combined finance, security, and development experience at top exchange platforms and companies including the Tokyo Stock Exchange, Morgan Stanley, Accenture, and other Top 100 companies from all over the world.
At Binance, the security of our users is our number one priority. As such, we strive to provide the most secure platform possible. We will evaluate reported security issues based on the security impact to our users and the Binance ecosystem.
This bounty brief describes the rules of the Binance bug bounty program, as well as the eligibility of vulnerabilities and the rewards.
This program takes reference from the Bugcrowd Vulnerability Rating Taxonomy for the prioritization/rating of findings. Prioritization/ratings may vary from the Bugcrowd Vulnerability Rating Taxonomy.
Rewards will be paid out in BUSD.
Once your submission is accepted, please provide either of the following to receive your reward.
- email address registered on Binance
- your BUSD wallet address
We suggest researchers create a separate private Binance account, or a Binance Smart Chain wallet.
*Prices will change with the cryptocurrency markets and the dollar amount listed below could change.
Please note that only vulnerabilities with a working proof of concept that shows how it can be exploited will be considered eligible for monetary rewards. Determination of whether a reported issue sufficiently meets the bar for monetary rewards is done at Binance's discretion.
*Binance is eager to work with the community to make sure that every researcher's finding is rewarded fairly - based on the vulnerability's impact on business and overall severity. To this end, it is possible that extraordinarily severe issues or those with extreme impact may be rewarded up to $100,000.
Binance may award an additional reward bonus for exceptional reports. This will be done at Binance's discretion .
Scope and rewards
This program follows Bugcrowd’s standard disclosure terms.
For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email firstname.lastname@example.org. We will address your issue as soon as possible.
This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.