Welcome to the Bitexen Vulnerability Reporting Program. As one of Turkey's largest crypto exchanges, providing a secure platform to our customers is one of our main priorities. Therefore, we invite everyone to join the Bitexen Vulnerability Reporting Program.
Target | Type | Severity | Reward |
---|---|---|---|
www.bitexen.com Copy Copied | Web | Critical | Bounty |
global.bitexen.com Copy Copied | Web | Critical | Bounty |
com.bitexen.exchange - Android App Bitexen Copy Copied Android App Bitexen https://play.google.com/store/apps/details?id=com.bitexen.exchange | Android | Critical | Bounty |
ID 1388036461 - iOS App Bitexen Copy Copied iOS App Bitexen https://apps.apple.com/tr/app/bitexen/id1388036461 | iOS | None | Bounty |
com.bitexenglobal.exchangeapp - Android App Bitexen Global Copy Copied Android App Bitexen Global https://play.google.com/store/apps/details?id=com.bitexenglobal.exchangeapp | Android | Critical | Bounty |
ID 1634643482 - iOS App Bitexen Global Copy Copied iOS App Bitexen Global https://apps.apple.com/tr/app/bitexen/id1634643482 | iOS | Critical | Bounty |
Android App Bitexen https://play.google.com/store/apps/details?id=com.bitexen.exchange
iOS App Bitexen https://apps.apple.com/tr/app/bitexen/id1388036461
Android App Bitexen Global https://play.google.com/store/apps/details?id=com.bitexenglobal.exchangeapp
iOS App Bitexen Global https://apps.apple.com/tr/app/bitexen/id1634643482
We are interested in the following vulnerabilities:
Out Of Scope
You can send your questions about systems/vulnerabilities that are not specified as out of scope.
Reward Criteria
Safe Harbor
Bitexen will not take any legal action for researches and reports made in accordance with the rules specified on this page.
In case of sending a report, it is considered that the rights of the submitted content are transferred to Bitexen.
In case the security vulnerabilities in the reports submitted within the scope of the program are related to the products and services, network structures, systems, applications and information of third parties other than Bitexen, the relevant reports are not considered within the scope of the Bitexen Vulnerability Reporting Program and therefore the relevant third parties may initiate legal action in such a reporting situation and We would like to inform you that we, as Bitexen, are not responsible for the situation. Bitexen does not allow security research other than its own products and services and does not provide any person with an authorization in this regard.
You can access the document, which includes detailed rules and legal information about the Bitexen Vulnerability Reporting Program, from the page policy-details.
Happy hunting! ᕕ( ᐛ )ᕗ
Bitexen Vulnerability Reporting Program has been prepared to receive controlled news about security vulnerabilities that may be found in our systems and to encourage researchers. If you think that the security of your Bitexen account has been compromised, change your password as soon as possible and contact our support team via [email protected].
Testing and Reporting
You can help us by following the methods below so that we do not confuse the traffic generated during your tests with the attacker traffic.
Be sure to only use accounts that you control during the testing process. If you have found a vulnerability to run commands on systems, just use the id andhostname commands. Do not use automated tools. If you have found a potentially damaging vulnerability, contact us to obtain additional testing permissions before verifying.
Allowed/not allowed actions for remote code execution vulnerabilities:
The following information should also be provided when reporting remote code execution vulnerabilities: