Bug bounty

General

Security is a top priority for us, and we take it very seriously. We put a lot of effort into our trading platform, infrastructure, and processes to ensure that CoinAmount is safe and secure for our customers. We also put a lot of effort into ensuring the security of our customer's data. However, in case you are able to discover any security vulnerability, we would appreciate your help in responsibly reporting the issue to us so that we can investigate and address it as soon as possible.

Reward Evaluation

We will award an amount in one of our listed assets on a case-by-case basis depending on the severity of the issue. Please note that we only award one bounty per bug.

Program Rules

Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.
Please provide us with a reasonable amount of time to resolve the issue before any disclosure to the public or a third party.
Do not violate customer privacy, destroy data, disrupt or degrade our service. Only interact with accounts you own or with explicit, written permission of the account holder that you can provide to CoinAmount. Otherwise, your actions may be interpreted as an attack rather than an effort to be helpful.
Please provide detailed reports with reproducible steps. If the report is not detailed enough to reproduce the issue, the issue will not be eligible for a reward.
Submit one vulnerability per report, unless you need to chain vulnerabilities to provide impact.

Eligible bounties

Any design or implementation issue that results in the loss/compromise of data or money for CoinAmount or any of its customers.

The most common examples are:

  • Cross-site scripting (XSS)
  • Cross-site request forgery (CSRF/XSRF)
  • Authentication or authorisation flaws
  • Remote code execution
  • Clickjacking
  • Code injection
  • Leaks of sensitive data

Issues that aren't eligible for reward

We cannot reward bounties for issues that are outside of our direct control, such as:

  • Issues on sites hosted by third parties unless they lead to a vulnerability on the main website.
  • Issues on social media
  • Issues contingent on physical attack, social engineering, spamming, DDoS attack, etc.
  • Issues affecting outdated or unpatched browsers.
  • Issues in third-party applications that make use of the CoinAmount API.
  • Issues that have not been responsibly investigated and reported.
  • Issues that aren't reproducible.
  • Issues that we can't reasonably be expected to do anything about.

Submitting an issue

Submit your issue report through our support page. Submissions must be made in English.
Try to include as much information in your report as you can, including a description of the issue, its potential impact, and steps for reproducing it or proof of concept.
Before you can claim your reward, CoinAmount will complete an ID verification check.