• $120 – $5,000 per vulnerability
  • Up to $10,000 maximum reward

Upwork adding a CTF Reward

Hey Everyone,

Upwork has decided to incorporate a high-impact reward for a certain type of finding.

In addition to the regular rewards for this program, Upwork is also offering a one-time $5,000 reward for the ability to break into any of the specified client or freelancer accounts, and steal the funds allocated to it. The account are: bugcrowd-client@upwork.com and bugcrowd-freelancer@upwork.com.


  • Please provide complete reproduction steps for how you were able to capture the flag
  • Bruteforcing credentials to break in is still out of scope as per the regular scoping rules.

Please review the brief for full details and happy hunting!

Steve @Bugcrowd