Singapore-based Crypto.com is offering $2 million to anyone who can find and report vulnerabilities as a sign of confidence in its modern and updated security system. The bounty program is the largest yet for the website and HackerOne; it offers open scope and fast payment and is fully compliant with platform standards.
Crypto.com announced its partnership with HackerOne and the $2 million bounty program via a Twitter/X post and company update on December 2. The initiative is part of the company’s commitment to advancing security and compliance and is supported by several certifications, including ISO 27001, ISO 27017, ISO 27019, ISO 22301, ISO 27701, SOC2 Type 2 and PCI DSS 4.0.
In addition to these international certifications, Crypto.com has regional certifications such as Singapore’s Cyber Trust Mark and Data Protection Trust Mark.
Crypto.com upgrades security and bounty program
Crypto.com is continuing its security partnership with HackerOne and this month they jointly released a statement upgrading their existing bug bounty program, which now offers up to $2 million in rewards. This is the first time the company’s bounty program has reached this amount, and it is now the largest bug bounty program with HackerOne in crypto and beyond.
Today we’re launching a groundbreaking $2 million bug bounty program with @Hacker0x01.
Safety and security are our top priority https://t.co/vCNztATkNg – we are proud to support the largest bug bounty program available through HackerOne.
More information 👉 https://t.co/qFNWLLtoGN pic.twitter.com/DRdEk9Zex0
— Crypto.com (@cryptocom) December 2, 2024
The company’s rewards program offers tiered rewards for different types of vulnerabilities based on severity. For example, the Low tier (0.1-3.9), which represents 41.67% of entries, provides a reward of €200 to €500. Medium (4.0-6.9) gets $500 to $5,000, High (7.0-8.9) offers $5,000 to $40,000 in rewards, and finally Critical/Extreme Vulnerabilities (9.0+) rewards $40,000 to $2 million.
Crypto.com invites its users to identify any vulnerabilities so that these potential risks can be fixed before bad actors exploit them. The crypto firm joined other tech companies in conducting bug bounties to tackle online threats.
Finding security gaps that are critical to businesses
As one of the leaders in the crypto space, Crypto.com serves over 100 million users from 90 countries. However, its popularity also puts it at risk of safety hazards. The company understands these threats, which is the main reason why it partners with HackerOne.
Crypto.com believes that trust is the foundation of the business, built around privacy and security. In a statement, the company said it employs “zero-trust and defense in depth security” strategies and continually invests in privacy and security training.
According to Kara Sprague, CEO of HackerOne, finding critical security holes is crucial for a company like Crypto.com. She said the record amount reflects Crypto.com’s commitment to user protection and support for ethical hacking.
Other Web 3.0 companies also run incentive programs
In addition to Crypto.com, other leading Web 3.0 companies have been running bounty programs to identify and address security issues. Facebook, Atomic Wallet and Uniswap are top tech companies that rely on ethical hacking.
For example, Uniswap launched the largest bug bounty in DeFi, offering up to $15.5 million for those who can identify security threats on its v4 smart contract. Following the announcement of the lucrative bounty program, the price of the UNI token skyrocketed.