Blog Bug Bounty
Our focus is on providing verified information. For the WhiteBIT crypto exchange community, all information our clients receive must be verified and truthful. That’s why we encourage vulnerability research on our blog and generously reward those who discover them.
To be able to receive a reward for finding a vulnerability, you must fulfill a few simple conditions:
- Inform us of the discovered vulnerability, but do not disclose information about it and allow us enough time to fix it;
- Provide evidence of the facts that will help support your position;
- Do not use fake or unverified facts to mislead users and exchange staff.
Rewards
We are ready to generously reward developers who can demonstrate how the discovered vulnerability can be exploited to cause the most damage. The size of the reward will depend on the severity of the vulnerability found.
The table below shows an approximate reward for detecting vulnerabilities:
| Vulnerability | Severity | Reward |
| Remote code execution/Website defacement | Critical | $750–$1500 |
| SQL injection | High | $500–$750 |
| Stored XSS with real security impact/DBMS Misconfiguration | Medium | $250–$500 |
| Other vulnerabilities with clear potential | Low | $50–$250 |
Rewards for DDoS, Self-XSS, Spam and Social engineering attacks will NOT be granted.
You can familiarize yourself with the subject of verification and the rules of the Bug Bounty program in the Blog Bug Bounty Policy.
Have you found a vulnerability?
To report it, please email us, and we will contact you as soon as possible to solve the problem.
Send vulnerability to Security – security@whitebit.com