Bybit

  • $100 – $5,000 per vulnerability
  • Up to $20,000 maximum reward
  • Safe harbor

Program stats

  • Vulnerabilities rewarded 14
  • Validation within 6 days 75% of submissions are accepted or rejected within 6 days
  • Average payout $365.90 within the last 3 months

Latest hall of famers

Recently joined this program

Disclosure

Please note: This program does not allow disclosure. You may not release information about vulnerabilities found in this program to the public.

Bybit is a cryptocurrency exchange established in March 2018 to offer a professional platform where crypto traders can find an ultra-fast matching engine, excellent customer service and multilingual community support. The company provides innovative online spot and derivatives trading services, mining and staking products, as well as API support, to retail and institutional clients around the world, and strives to be the most reliable exchange for the emerging digital asset class.

No technology is perfect and Bybit believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. We are excited for you to participate as a security researcher to help us identify vulnerabilities in our web app. Good luck, and happy hunting!

Ratings/Rewards:

For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher - along with the opportunity to appeal, and make a case for a higher priority.

Highly Critical: $5,000 - $20,000
P1 (9.0 to 10.0): $2,500 - $5,000
P2 (7.0 to 8.9): $1,000 - $2,500
P3 (4.0 to 6.9): $350 - $1,000
P4 (0.1 to 3.9): $100 - $350

Please note that the monetary rewards are only applicable to vulnerabilities with working proof of concept that demonstrate how it can be exploited.

As part of Bybit’s commitment to security, we reward every researcher's finding fairly based on the vulnerability's likelihood and impact to our business. For highly critical vulnerabilities that might cause extreme impact to our business can be rewarded up to $20,000. All reward decisions are at Bybit's discretion.

Scope and rewards

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email support@bugcrowd.com. We will address your issue as soon as possible.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.