Meet Bit.com
Bit.com is a crypto exchange offering spot, futures, options, and NFT trading.
The exchange also features a rebalancing market-making strategy.
Check Out The Rewards
If you find a vulnerability according to the bounty rules, Bit.com will reward you:
- Critical: $1500 – $3000
- High: $500 – $1000
- Medium: $50 – $500
- Low: <$50
Join The Bounty Hunt
There are 3 targets to scope:
- website
- API
- Crypto wallet
Make sure your reports contain info about these incidents:
- Business logic issues
- Payments manipulation
- Remote code execution (RCE)
- Injection vulnerabilities (SQL, XXE)
- File inclusions (Local & Remote)
- Access Control Issues (IDOR, Privilege Escalation, etc)
- Leakage of sensitive information
- Server-Side Request Forgery (SSRF)
- Cross-Site Request Forgery (CSRF)
- Cross-Site Scripting (XSS)
- Directory traversal
- Another vulnerability with a clear potential loss
To increase your chances of finding a critical bug, read API documentation here!
Once you’re ready, click here to join the bounty hunt!