Bug Bounty

Safety is our top priority. The crypto exchange YBITAZ takes care of the security of each user. Therefore, we encourage the search for vulnerabilities on the exchange and pay a reward for finding them.

Inform us about the vulnerability

do not spread information about it and give us enough time to fix the vulnerability

Make the necessary efforts

in order to avoid damage to the exchange and its users.

Do not mislead

users and/or employees of the exchange during the search and elimination of the vulnerability.

Award

We do not limit the maximum amount of rewards in any way and can increase the reward, depending on the severity of the vulnerability. You are more likely to receive an increased reward if you show how vulnerability can be used to cause maximum harm.

Here is a list of approximate rewards for vulnerability detection:

Remote code execution$10,000

Manipulation of user balances$10,000

XSS/CSRF/Clickjacking affecting actions with user balances/trading/exchange/replenishment$2,000

Theft of information related to passwords/API keys/personal information$2,000

Partial authentication bypass$1,500

Other vulnerabilities that could lead to financial losses or data leakage$500

Other CSRF (except CSRF logout)$500

No reward will be awarded for DDoS, Self-XSS, Spam, Social engineering attacks.

Have you found a vulnerability?

To report it, send us an e-mail, we will contact you as soon as possible and solve the problem.

Contact Support