Singapore-based Crypto.com is putting its money where its mouth is when it comes to security, launching a hefty $2 million incentive for anyone who can spot and report security vulnerabilities. This bounty, the largest ever for both the website and HackerOne, boasts an all-inclusive scope, prompt payouts, and full adherence to platform guidelines.
Crypto.com unveiled this ambitious bounty program in collaboration with HackerOne via a Twitter/X post and company announcement on December 2nd. This move underscores the company’s dedication to security and compliance, supported by a slew of certifications such as ISO 27001, ISO 27017, ISO 27019, ISO 22301, ISO 27701, SOC2 Type 2, and PCI DSS 4.0. Aside from these international accolades, Crypto.com also holds regional certifications like Singapore’s Cyber Trust Mark and Data Protection Trust Mark, reinforcing its commitment to security.
Continuing its partnership with HackerOne, Crypto.com has elevated its existing bug bounty program this month, now offering rewards that peak at an eye-popping $2 million. This milestone marks the first time the company’s bounty program has reached this amount, setting a new standard as the largest of its kind with HackerOne both within the crypto sector and beyond.
Crypto.com is determined to resolve potential risks before they become real threats, encouraging users to identify and report vulnerabilities. The company’s bounty program offers a structured reward system based on the severity of the discovered vulnerabilities. Lower-severity findings (0.1-3.9) can earn investigators between $200 and $500, while medium-severity issues (4.0-6.9) might net $500 to $5,000. High-severity vulnerabilities (7.0-8.9) promise rewards from $5,000 to $40,000, and critical/extreme findings (9.0+) can earn rewards of up to $2 million.
The total crypto market cap sits at a substantial $3.4 billion, according to TradingView data, underscoring the industry’s scale and potential risks. With over 100 million users across 90 countries, Crypto.com stands as a major player in the crypto world, but its prominence also makes it a target for security threats. Recognizing these challenges, the company has steadfastly partnered with HackerOne to bolster its defenses.
Crypto.com emphasizes that trust is integral to its operations, centering its efforts around privacy and security. Kara Sprague, CEO of HackerOne, pointed out that discovering significant security loopholes is vital for companies like Crypto.com and praised the record-breaking bounty as a testament to the firm’s dedication to user safety and support for ethical hackers.
In the broader Web 3.0 landscape, Crypto.com isn’t alone in this security pursuit. Several other top tech companies, including Facebook, Atomic Wallet, and Uniswap, have embraced bounty programs to pinpoint and fix potential vulnerabilities. Uniswap, for instance, launched a monumental bug bounty in decentralized finance (DeFi), offering up to $15.5 million for vulnerabilities discovered in its v4 smart contract. The announcement of such a generous bounty notably spurred an increase in its UNI token’s market value.
This proactive approach across the industry highlights the importance placed on security in the rapidly evolving world of Web 3.0.