Bybit is a cryptocurrency exchange established in March 2018 to offer a professional platform where crypto traders can find an ultra-fast matching engine, excellent customer service and multilingual community support. The company provides innovative online spot and derivatives trading services, mining and staking products, as well as API support, to retail and institutional clients around the world, and strives to be the most reliable exchange for the emerging digital asset class.
No technology is perfect and Bybit believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. We are excited for you to participate as a security researcher to help us identify vulnerabilities in our web app. Good luck, and happy hunting!
For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher - along with the opportunity to appeal, and make a case for a higher priority.
Highly Critical: $5,000 - $20,000
P1 (9.0 to 10.0): $2,500 - $5,000
P2 (7.0 to 8.9): $1,000 - $2,500
P3 (4.0 to 6.9): $350 - $1,000
P4 (0.1 to 3.9): $100 - $350
Please note that the monetary rewards are only applicable to vulnerabilities with working proof of concept that demonstrate how it can be exploited.
As part of Bybit’s commitment to security, we reward every researcher's finding fairly based on the vulnerability's likelihood and impact to our business. For highly critical vulnerabilities that might cause extreme impact to our business can be rewarded up to $20,000. All reward decisions are at Bybit's discretion.
Scope and rewards
This program follows Bugcrowd’s standard disclosure terms.
For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email email@example.com. We will address your issue as soon as possible.
This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.