Introduction
At HackenProof, we connect organizations with cybersecurity experts and ethical hackers to help identify and address vulnerabilities in their systems and applications. As part of this process, we recognize that Know Your Customer (KYC) plays an increasingly important role in ensuring secure and trustworthy collaboration between companies and researchers.
While KYC is a common requirement in many financial and regulated industries to verify the identity of customers, it is not always mandatory within security-focused platforms. At HackenProof, we provide customers with the option to perform KYC checks on researchers participating in their bug bounty programs using trusted providers.
Whether KYC is optional or required ultimately depends on each company’s internal policies. Our customers can use HackenProof’s KYC functionality or integrate their own providers and processes — ensuring flexibility while maintaining strong security and compliance standards.
The Importance of KYC for Businesses
KYC matters to companies for several critical reasons. It helps them:
- meet legal requirements
- reduce risks related to payment processing
- prevent fraud
- enhance their reputation
- make informed business decisions
The KYC approach helps establish trust and credibility within the cybersecurity community and ensures that researchers using the platform are legitimate and meet identity verification standards.
What KYC Includes on HackenProof
KYC on HackenProof is designed to ensure that researchers participating in bug bounty programs meet essential identity and compliance standards, while keeping the process efficient and user-friendly.
The primary level of verification typically includes:
- ID document verification through automated validation tools
- liveness checks and face matching
- selfie-based identity confirmation
- age verification (users must be 18+)
- country eligibility checks based on regulatory requirements
For programs that require enhanced due diligence, additional verification may include:
- proof of residency and address verification
- screening against PEP (politically exposed persons) lists
- sanctions list checks
To support this process, HackenProof partners with trusted KYC providers, including AMLBot, ensuring that user data is handled securely and in accordance with industry standards.
Researchers who successfully complete verification receive a visible KYC label on their profile, allowing companies to easily identify verified participants.

When KYC Verification Is Required on HackenProof
KYC verification on HackenProof is not applied universally — it is triggered in specific cases where additional security, compliance, or access control is required.
KYC verification is required in the following scenarios:
- Before reward withdrawal, if a researcher is a tax resident of the European Union
- After a valid report submission, if the company requests KYC verification to approve and credit the reward
- Before accessing restricted programs, such as private Bug Bounties, Disclosure programs, or Contests where code access is granted only to KYC-verified researchers
In all other cases, standard KYC verification is not mandatory.
To initiate the verification process, researchers can request a KYC link by opening a support ticket via HackenProof’s Discord channel.
This flexible approach allows companies to balance accessibility with security — ensuring that sensitive assets and reward flows are handled only by verified participants when necessary, without introducing unnecessary friction for the broader researcher community.
Modern KYC Approach: The AMLBot Example
As Web3 businesses scale, implementing KYC is no longer just about meeting basic requirements — it becomes part of a broader approach to security and risk management.
AMLBot follows this approach with its solutions designed to streamline AML and KYC compliance. By enabling businesses to integrate identity verification and transaction monitoring directly into their infrastructure, AMLBot helps ensure continuous compliance while reducing operational risks.
This focus on combining compliance with security aligns closely with how we approach bug bounty programs at HackenProof. As companies build more advanced systems for user verification and risk control, it becomes equally important to ensure that these systems themselves are secure, reliable, and resistant to abuse.
Bug Bounty as a Security Layer: The AMLBot Program on HackenProof
As KYC and AML systems become more integrated into core business operations, ensuring their security becomes just as important as their functionality. Vulnerabilities in identity verification flows or transaction monitoring logic can lead to serious financial and compliance risks.
To address this, AMLBot has launched its AMLBot KYT Web bug bounty program on HackenProof — inviting security researchers to test and validate the resilience of its infrastructure.
The program focuses on identifying vulnerabilities within AMLBot’s KYC and transaction monitoring systems, including integrations via its API. By opening its product to the security community, AMLBot reinforces its commitment to building reliable, secure, and compliant solutions for Web3 businesses.
This approach reflects a broader best practice: combining strong compliance infrastructure with continuous, real-world security testing — ensuring that critical systems are not only trusted, but also thoroughly validated.
Conclusion
KYC is no longer just a regulatory requirement — it is a core component of secure and trustworthy Web3 operations. As businesses adopt more advanced compliance solutions, they must also ensure that these systems are resilient, transparent, and continuously tested.
By combining modern KYC infrastructure with proactive security practices such as bug bounty programs, companies can reduce risk, strengthen trust, and build more reliable products.



