CoinEx is a global cryptocurrency exchange committed to making crypto trading easier.
Target | Type | Severity | Reward |
---|---|---|---|
https://www.coinex.com Copy | Web | Critical | Bounty |
https://apps.apple.com/app/id1626447428 Copy IOS app v 3.13.1+ | iOS | Critical | Bounty |
https://play.google.com/store/apps/details?id=com.coinex.trade.play&hl=en Copy Android app v 3.43.3+ | Android | Critical | Bounty |
IOS app v 3.13.1+
Android app v 3.43.3+
Any vulnerability or chain of vulnerabilities that leads directly to unauthorized fund transfers, transaction tampering, and financial fraud leading to significant loss of user or platform funds.
Any vulnerability or chain of vulnerabilities that leads directly to exposure of essential cryptographic secrets or unauthorized access to hot or cold wallets leading to asset loss.
Any instance of Remote Code Execution (RCE) on in-scope Domains that allows arbitrary command execution, system compromise, and full application takeover.
The list of acceptable vulnerabilities:
Clear wording:
Allocated bounty reward will be split between all researchers who submitted the same issue (where uniq issues receive 1/3 of the pool and researchers will get 1/9 each of the initial reward pool).
Full Reward: If a critical vulnerability is found by only one participant, that reporter receives 100% of the bounty pool.
If multiple participants find the same vulnerability, the allocated bounty for that issue (bounty pool always equally split among all unique issues reported) is divided equally among all reporters. Example: If two researchers report the same vulnerability, each receives 50% of the allocated bounty. It can be 50% of the bounty pool if only one eligible issue was reported.
Split Based on Uniqueness of issues reported:
Each will receive 50% of the bounty pool.
HackenProof is entitled to 10% of rewards as the fee for the triage and other services‼️
Do not discuss this program or any vulnerabilities (even resolved ones) outside of the program without express consent from the organization
We are happy to thank everyone who submits valid reports which help us improve our security. However, only those that meet the following eligibility requirements may receive a monetary reward:
Hacken - April 2025
CoinEx Web App - CoinEx Web App
iOS - iOS
Android - Android