Crypto.com, based in Singapore, is offering up to $2 million to individuals who discover and report security vulnerabilities, showcasing its confidence in its updated security protocols. The bounty program, run through HackerOne, is the largest of its kind on that platform and promises an open scope, quick payments, and adherence to standards.
The company announced its collaboration with HackerOne along with the launch of the $2 million bounty program via a Twitter/X post and company announcement on December 2nd. This program underscores the firm’s dedication to enhancing security and compliance, supported by various certifications such as ISO 27001, ISO 27017, ISO 27019, ISO 22301, ISO 27701, SOC2 Type 2, and PCI DSS 4.0.
On top of international certifications, Crypto.com possesses regional accreditations, including Singapore’s Cyber Trust Mark and Data Protection Trust Mark.
Enhanced Security and Bounty Initiative
Crypto.com has reaffirmed its security collaboration with HackerOne by announcing an updated bug bounty program, now allowing up to $2 million in rewards. This marks the first time the company has reached such a high amount, making it the largest bug bounty program available through HackerOne in the cryptocurrency sector and beyond.
Today we launch a groundbreaking $2 million bug bounty program with @Hacker0x01.
Safety and security are of paramount importance at – we’re proud to support the largest bug bounty program available through HackerOne.
— Crypto.com (@cryptocom) December 2, 2024
The company’s reward system sets payouts according to the severity score of each reported vulnerability. Low severity (0.1-3.9) accounts for about 41.67% of reports and offers rewards ranging from $200 to $500. Medium severity (4.0-6.9) earns between $500 and $5,000, High severity (7.0-8.9) attracts rewards between $5,000 and $40,000, while Critical/Extreme vulnerabilities (9.0+) can yield rewards from $40,000 up to $2 million.
Crypto.com encourages its users to help identify and mitigate potential vulnerabilities, proactively addressing risks before they can be exploited. The firm is part of a broader trend among tech companies adopting bug bounty programs to combat online threats.
The Importance of Identifying Security Vulnerabilities
As a major player in the crypto landscape, Crypto.com serves over 100 million users across 90 countries, making it susceptible to security risks. The company acknowledges these challenges and understands the importance of its partnership with HackerOne.
Crypto.com views trust as fundamental to its operations, built on principles of privacy and security. The company highlights its approach of “zero-trust and defense in depth security” and invests continuously in privacy and security education.
Kara Sprague, CEO of HackerOne, emphasizes that identifying critical security vulnerabilities is essential for a company like Crypto.com. She noted that the significant bounty underscores Crypto.com’s dedication to user safety and its support for ethical hacking practices.
Other Web 3.0 Companies Engage in Bounty Programs
In addition to Crypto.com, various leading Web 3.0 companies have implemented bounty programs to find and address security vulnerabilities. Notable tech giants like Facebook, Atomic Wallet, and Uniswap also leverage ethical hacking initiatives.
For instance, Uniswap has introduced one of the largest bug bounties in decentralized finance (DeFi), offering up to $15.5 million for locating security issues in its v4 smart contract. Following the announcement of this lucrative program, the price of its UNI token experienced a notable increase.