Welcome to the Blockchain.com Bug Bounty Program! As a pioneer in the cryptocurrency space, Blockchain.com has been at the forefront of developing crucial infrastructure for the Bitcoin community. We started with the Blockchain Explorer, empowering users to examine transactions and understand the blockchain, and an API that enabled businesses to build on Bitcoin. Furthermore, we provide a widely popular and user-friendly crypto wallet, allowing individuals globally to securely manage their own digital assets. Thank you for your interest in helping us enhance the security of our platform! Your contributions are highly valued.
Getting Started If you are new to Blockchain.com, we strongly encourage you to review our Security Learning Portal to familiarise yourself with our products and their security considerations before submitting any reports.
Target | Type | Severity | Reward |
---|---|---|---|
blockchain.com Copy | Web | Critical | Bounty |
ws.blockchain.info Copy | API | Critical | Bounty |
api.blockchain.info Copy | API | Critical | Bounty |
https://play.google.com/store/apps/details?id=piuk.blockchain.android Copy | Android | Critical | Bounty |
https://apps.apple.com/us/app/blockchain-com-buy-btc-sol/id493253309 Copy | iOS | Critical | Bounty |
Target | Type | Severity | Reward |
---|---|---|---|
email-clicks.blockchain.com Copy | Web | None | Bounty |
support.blockchain.com Copy | Web | None | Bounty |
blog.blockchain.com Copy | Web | None | Bounty |
docs.blockchain.com Copy | Web | None | Bounty |
institutional.blockchain.com Copy | Web | None | Bounty |
We are interested in the following vulnerabilities:
When reporting vulnerabilities, please consider (1) attack scenario/exploitability, and (2) the security impact of the bug. The following issues are considered out of scope:
Third party providers and services
Web applications operated by third parties are only considered in scope under the following ways:
The following assets represent third-party applications, along with their vendors to report issues to:
Responsible Testing
Scope and Limitations
Vulnerability Reporting
We are happy to thank everyone who submits valid reports which help us improve the security. However, only those that meet the following eligibility requirements may receive a monetary reward: