Singapore-based Crypto.com is offering up to $2 million to anyone who can find and report vulnerabilities, as a sign of its confidence in its modern and updated security system. The bounty program is the biggest yet for the website and HackerOne, offering an open scope and fast payment while remaining fully compliant with platform standards.
Crypto.com announced its partnership with HackerOne and the $2 million bounty program through a Twitter/X post and company update on December 2nd. The initiative is part of the company’s commitment to promoting security and compliance and is backed by different certifications, including ISO 27001, ISO 27017, ISO 27019, ISO 22301, ISO 27701, SOC2 Type 2, and PCI DSS 4.0.
In addition to these international certifications, Crypto.com boasts regional certifications, like Singapore’s Cyber Trust Mark and Data Protection Trust Mark.
Crypto.com Upgrades Security, Bounty Program
Crypto.com continues its security partnership with HackerOne, and this month, they jointly issued a statement upgrading its existing bug bounty program, which now offers up to $2 million in rewards. This is the first time the company’s bounty program has reached this amount, and it’s now the biggest bug bounty program with HackerOne in crypto and beyond.
Today we launch a groundbreaking $2 million bug bounty program with @Hacker0x01.
Safety and security are of paramount importance at https://t.co/vCNztATkNg – we’re proud to support the largest bug bounty program available through HackerOne.
Learn more https://t.co/qFNWLLtoGN pic.twitter.com/DRdEk9Zex0
— Crypto.com (@cryptocom) December 2, 2024
The company’s rewards program offers tiered rewards for different types of vulnerabilities based on severity. Low-severity findings (0.1-3.9), representing 41.67% of submissions, earn a reward of $200 to $500. Medium (4.0-6.9) earns $500 to $5,000, High (7.0-8.9) earns $5,000 to $40,000, and Critical/Extreme vulnerabilities (9.0+) earn $40,000 up to $2 million.
Crypto.com invites its users to identify any vulnerabilities so that these potential risks are resolved before bad actors exploit them. The crypto company joins other tech companies in running bug bounties to address online threats.
Finding Critical Security Gaps Crucial For Companies
As one of the leaders in the crypto space, Crypto.com serves over 100 million users from 90 countries. However, its popularity also puts it at risk of security threats. The company understands these threats, and it’s the primary reason it partners with HackerOne.
Crypto.com believes that trust is the company’s foundation, built around privacy and security. In a statement, the company boasts “zero-trust and defense in depth security” strategies and continually invests in privacy and security training.
According to Kara Sprague, HackerOne’s CEO, finding critical security gaps is crucial for a company like Crypto.com. She mentioned that the record bounty amount reflects Crypto.com’s commitment to user protection and support for ethical hacking.
Other Web 3.0 Companies Also Run Bounty Programs
Aside from Crypto.com, other leading Web 3.0 companies have run bounty programs to identify and address security weaknesses. Facebook, Atomic Wallet, and Uniswap are top tech companies that rely on ethical hacking.
For example, Uniswap launched the biggest bug bounty in DeFi, offering up to $15.5 million to those who can identify security threats in its v4 smart contract. After the lucrative bounty program was announced, its UNI token surged in price.