Crypto.com is putting its security to the ultimate test! They’re offering a massive $2 million bounty to anyone who can find and report security vulnerabilities on their platform.
A Huge Bounty, Big on Security
This isn’t just any bug bounty program. It’s the biggest one yet for Crypto.com and its partner, HackerOne. They’re promising fast payouts and a streamlined process that meets all the necessary security standards. The announcement was made in December 2024 via Twitter and a company update. Crypto.com is serious about security, boasting a long list of certifications including ISO 27001, ISO 27017, ISO 27019, ISO 22301, ISO 27701, SOC2 Type 2, and PCI DSS 4.0, plus regional certifications like Singapore’s Cyber Trust Mark and Data Protection Trust Mark.
How Much Can You Win?
The rewards are tiered based on the severity of the vulnerability found:
- Low (0.1-3.9): $200 – $500
- Medium (4.0-6.9): $500 – $5,000
- High (7.0-8.9): $5,000 – $40,000
- Critical/Extreme (9.0+): $40,000 – $2,000,000!
Crypto.com wants ethical hackers to help them identify and fix problems before malicious actors can exploit them.
Why This Matters
With over 100 million users in 90 countries, Crypto.com is a huge target. They’re proactively partnering with HackerOne to strengthen their security and maintain user trust. They emphasize a “zero-trust and defense in depth” security strategy and invest heavily in security training. HackerOne’s CEO, Kara Sprague, highlighted the significance of this record-breaking bounty, emphasizing Crypto.com’s dedication to user protection.
Not Alone in the Bounty Game
Crypto.com isn’t the only major player using bug bounties. Many other Web 3.0 companies, including Uniswap (with a massive $15.5 million bounty for its v4 smart contract), are also leveraging ethical hacking to improve their security.