We value any feedback on our services and are grateful for people who take the effort to contact us with their feedback. Although Bitmymoney strives for complete security, changes in our software and hardware can lead to vulnerabilities in our architecture.
We would like to encourage security researchers to first share with us any vulnerabilities they can find in our architecture. And give us time to fix the issue, before sharing with others.
The minimum payout for a previously unknown security vulnerability is €25.
We payout in bitcoin for reporting a previously unknown security vulnerability of sufficient severity. We award higher amounts based on severity or creativity of the vulnerability found. Bitmymoney reserves the right to decide if the minimum severity threshold is met and whether it was previously reported.
We also provide attribution on this page as a thank you.
Rewards are only paid in Bitcoin.
In general, anything which has the potential for financial loss or data breach is of sufficient severity, including:
XSS CSRF Authentication bypass or privilege escalation Click jacking Remote code execution Obtaining user information
In general, the following would not meet the threshold for severity:
You can disclose a vulnerability to firstname.lastname@example.org
Please include if possible:
Description and potential impact Steps to reproduce the issue or a proof of concept Name and link for attribution on this page Bitcoin address for payout Thank you for helping keep the bitcoin community safe!
We thank these White Hat Geniuses:
2021-07-20 Kinshuk Kumar
2021-06-17 Tinu Pentesting
2021-02-17 Harsh Joshi
2019-12-26 BuG HunTer BK
2019-10-16 Yassine Nafiai
2019-05-28 Maulik Shah
2019-04-01 Pal Patel
2019-03-28 Tarikul Islam
2019-03-19 Agung Saputra
2019-03-04 Pratik Vinod Yadav
2019-01-19 Younes Belarbi
2015-12-07 Mohammed Abdulqader Abobaker Al-saggaf
2014-05-22 Imen Soussi
2014-05-22 James Amos