Best bug bounty offering

Our customers only pay for vetted bugs and triage services.
We handle all policy and payment transactions.

One price for all packages
for dashboard usage for access to 20 000+ hackers for program kick-off
fee for valid bugs
Pay Monthly
Pay Yearly
Completely free triage for tokens, NFTs, and other Smart Contracts.
/month professional Triage team
+ 10% bug fee
  • Customer support
  • We handle all policy and rewards transactions
  • Launch up to 2 public Bug Bounty
A plan perfectly tailored to anything from the website to dApp, Bridge, or DEX/CEX
/month professional Triage team
+ 10% bug fee
  • Dedicated program manager
  • Dedicated triage team processes and verifies all bug reports
  • We handle all policy and payment transactions
  • Launch up to 2 Bug Bounty Programs,
    private or public
Plan for big players, launch multiple programs and take your security to the next level
/month professional Triage team
+ 10% bug fee
  • Everything in Standard plan, PLUS:
  • Launch up to 5 private or public
    Bug Bounty Programs for all of your services and apps
  • Pre-Vulnerability Assessment
  • Pay rewards for high and critical severity bugs in your own TOKEN
  • 10% welcome discount for penetration testing or audit from Hacken

Frequently Asked Questions

A bug bounty is a program where a company provides a monetary reward to an independent security hacker who reports a bug or a security vulnerability. Rewards can vary from hundreds to thousands of dollars depending on the impact and severity of the vulnerability.
We believe that a crowdsourced approach to security is the natural evolution of traditional penetration testing. For many organizations, running a variety of vulnerability scanners and penetration tests is the only solution for cybersecurity. It’s also no secret that, no matter how advanced, automation only goes so far–it finds only what it knows.
Private programs are fully confidential and are available only to a selected number of hackers. They offer our clients the opportunity to tap into the power of crowdsourced security testing – a vast number of testers with rich skill sets and perspectives for focused testing in an invite-only program.
The reported bug must be recognized by the company as a valid unique bug within the program scope, which can be reproduced and verified by the company.