Blog Bug Bounty

Our focus is on providing verified information. For the WhiteBIT crypto exchange community, all information our clients receive must be verified and truthful. That’s why we encourage vulnerability research on our blog and generously reward those who discover them.

To be able to receive a reward for finding a vulnerability, you must fulfill a few simple conditions:

  • Inform us of the discovered vulnerability, but do not disclose information about it and allow us enough time to fix it;
  • Provide evidence of the facts that will help support your position;
  • Do not use fake or unverified facts to mislead users and exchange staff.


We are ready to generously reward developers who can demonstrate how the discovered vulnerability can be exploited to cause the most damage. The size of the reward will depend on the severity of the vulnerability found.

The table below shows an approximate reward for detecting vulnerabilities:

Vulnerability Severity Reward
Remote code execution/Website defacement Critical $750–$1500
SQL injection High $500–$750
Stored XSS with real security impact/DBMS Misconfiguration Medium $250–$500
Other vulnerabilities with clear potential Low $50–$250

Rewards for DDoS, Self-XSS, Spam and Social engineering attacks will NOT be granted.

You can familiarize yourself with the subject of verification and the rules of the Bug Bounty program in the Blog Bug Bounty Policy.

Have you found a vulnerability?

To report it, please email us, and we will contact you as soon as possible to solve the problem.

Contact Support

Send vulnerability to Security –