ProBit Global is excited to announce the launch of a new bug bounty program with HackenProof.
As a leading crypto trading platform, security is our top priority. Our bug bounty partnership with HackenProof offers rewards to security researchers and hackers who identify vulnerabilities in ProBit Global's systems. By incentivizing ethical hacking and security research through rewards, this program taps into the expertise of the broader community. Our goal is to work together to enhance platform defenses.
Reward Structure
The program offers a tiered reward system based on the severity of the identified vulnerabilities. Participants can expect the following bounty ranges:
- Critical: $5,000 - $10,000
- High: $2,000 - $4,000
- Medium: $500 - $1,500
- Low: $50 - $200
Scope of Vulnerabilities
Web | |
API | |
Android | https://play.google.com/store/apps/details?id=com.probit.app.android2.release.global |
iOS |
In-Scope Vulnerabilities
We are interested in the following vulnerabilities:
- Business logic issues
- Payments manipulation
- Remote code execution (RCE)
- Injection vulnerabilities (SQL, XXE)
- File inclusions (Local & Remote)
- Access Control Issues (IDOR, Privilege Escalation, etc.)
- Leakage of sensitive information
- Server-Side Request Forgery (SSRF)
- Cross-Site Request Forgery (CSRF)
- Cross-Site Scripting (XSS)
- Directory traversal
- Other vulnerabilities with a clear potential loss
The program excludes the following vulnerabilities from the scope:
- Vulnerabilities in third-party applications
- Assets that do not belong to the company
- Best practices concerns
- Recently (less than 30 days) disclosed 0day vulnerabilities
- Vulnerabilities affecting users of outdated browsers or platforms
- Social engineering, phishing, physical, or other fraud activities
- Publicly accessible login panels without proof of exploitation
- Reports that state that software is out of date/vulnerable without a proof of concept
- Reports that are generated by scanners or any automated or active exploit tools
- Vulnerabilities involving active content such as web browser add-ons
- Most brute-forcing issues without clear impact
- Denial of service (DoS/DDoS)
- Theoretical issues
- Check the full list on HackenProof
Event Statement
- Avoid using web application scanners for automatic vulnerability searching, which generates massive traffic
- Make every effort not to damage or restrict the availability of products, services, or infrastructure
- Avoid compromising any personal data and avoid interrupting or degrading any service
- Don’t access or modify other users' data; localize all tests to your accounts
- Perform testing only within the scope
- Don’t exploit any DoS/DDoS vulnerabilities, and don’t use social engineering attacks or spam
- Don’t spam forms or account creation flows using automated scanners
Join us in this collaborative effort to bolster the ProBit Global ecosystem's security infrastructure. Your expertise can help carve a safer and more secure future for all ProBit Global users!
Click here to join the bounty hunt and submit your reports via HackenProof to stand a chance to win!