Crypto.com Launches Enhanced Security Initiative with Record Bug Bounty Program
Based in Singapore, Crypto.com has unveiled an ambitious initiative offering a staggering $2 million to individuals who can spot and report security vulnerabilities. This bold move underscores the company’s confidence in its advanced security infrastructure. The bounty program, the most significant to date for both the website and HackerOne, features an expansive scope, prompt payments, and strict adherence to platform standards.
Collaboration with HackerOne: A Strategic Approach
On December 2nd, Crypto.com publicized its collaboration with HackerOne, announcing the $2 million bounty through a Twitter/X post and a company update. This strategic decision is part of Crypto.com’s ongoing commitment to fortifying security and ensuring compliance, backed by a suite of certifications such as ISO 27001, ISO 27017, ISO 27019, ISO 22301, ISO 27701, SOC2 Type 2, and PCI DSS 4.0. Furthermore, Crypto.com holds regional certifications, including Singapore’s Cyber Trust Mark and Data Protection Trust Mark.
Advertisement Banner
Expanding the Bug Bounty Program
Continuing its alliance with HackerOne, Crypto.com has recently enhanced its bug bounty program to offer rewards of up to $2 million. This milestone marks the largest bug bounty initiative in partnership with HackerOne within the crypto sector and beyond.
The reward system is structured to incentivize the identification of vulnerabilities based on their severity. For lower severity issues (0.1-3.9), which account for 41.67% of submissions, rewards range from $200 to $500. Medium severity issues (4.0-6.9) attract rewards between $500 and $5,000, high severity issues (7.0-8.9) offer between $5,000 and $40,000, and critical vulnerabilities (9.0+) can earn up to $2 million.
Crypto.com encourages its users to proactively identify potential vulnerabilities, aiming to mitigate risks before they can be exploited by malicious actors. This initiative aligns with the broader trend of tech companies leveraging bug bounties to combat online threats.
Importance of Identifying Security Vulnerabilities
Crypto.com, a leader in the cryptocurrency domain, serves a vast user base of over 100 million individuals across 90 countries. However, this widespread adoption also makes it susceptible to security challenges. Recognizing this, the company partners with HackerOne to address and preemptively tackle these threats.
Trust is the cornerstone of Crypto.com’s operations, built upon the principles of privacy and security. The company employs a “zero-trust” and “defense in depth” security strategy, continually investing in privacy and security education.
Kara Sprague, CEO of HackerOne, emphasized the critical need for identifying security gaps, particularly for a company like Crypto.com. She highlighted that the unprecedented bounty amount underscores Crypto.com’s dedication to user safety and support for ethical hacking.
Web 3.0 Companies Embrace Bug Bounty Programs
Crypto.com is not alone in its efforts to address security challenges. Other prominent Web 3.0 companies like Facebook, Atomic Wallet, and Uniswap have also implemented bounty programs to detect and rectify security vulnerabilities. Notably, Uniswap launched the most extensive bug bounty program in the decentralized finance (DeFi) sector, offering up to $15.5 million for identifying security threats in its v4 smart contract. This move has significantly boosted the value of its UNI token.
