Best bug bounty offering

Our customers only pay for vetted bugs and triage services.
We handle all policy and payment transactions.

One price for all packages
$0
for dashboard usage for access to 7000 hackers for program kick-off
10%
fee for valid bugs
Packages
Start
Use HackenProof dashboard to validate
hacker reports yourself, only paying a
10% bug fee.
$0
/month without Triage team
if
you meet conditionals

range of bounty for critical bug starts from:

- 30K for WEB, Mobile, API

- 1 mln for Smart Contract, Protocol, Wallet

+ 10% bug fee
  • Customer support
  • We handle all policy and payment transactions
  • Launch up to 2 public Bug Bounty
    Programs
Enterprise
Pre-program vulnerability assessment, full
triage, 10% off on pentest by Hacken, and a live
hacking challenge to elevate your program!
$1600
/ month with yearly subscription
or
$2000 with monthly payment
+ 10% bug fee
  • Dedicated program manager
  • We handle all policy and payment transactions
  • Launch up to 5 Bug Bounty Programs,
    private or public
  • Pre-Vulnerability Assessment
  • 10% off on pentest from Hacken

Frequently Asked Questions

A bug bounty is a program where a company provides a monetary reward to an independent security hacker who reports a bug or a security vulnerability. Rewards can vary from hundreds to thousands of dollars depending on the impact and severity of the vulnerability.
We believe that a crowdsourced approach to security is the natural evolution of traditional penetration testing. For many organizations, running a variety of vulnerability scanners and penetration tests is the only solution for cybersecurity. It’s also no secret that, no matter how advanced, automation only goes so far–it finds only what it knows.
Private programs are fully confidential and are available only to a selected number of hackers. They offer our clients the opportunity to tap into the power of crowdsourced security testing – a vast number of testers with rich skill sets and perspectives for focused testing in an invite-only program.
The reported bug must be recognized by the company as a valid unique bug within the program scope, which can be reproduced and verified by the company.