Binance is the number one cryptocurrency exchange, operating in many places throughout the world. Specializing in crypto-to-crypto transactions, we provide access to hundreds of digital currency pairs. As a leading exchange platform, we prioritize security, liquidity, and speed, while maintaining some of the lowest fees in the industry. We strive to give our users the best experience possible, also providing access to some of the latest blockchain/DLT technologies available, with new cryptocurrencies being listed frequently.
Binance stands for “Binary Finance”, integrating digital technology with finance. Just as the name suggests, we are digital currency enthusiasts, with more than 20 years of combined finance, security, and development experience at top exchange platforms and companies including the Tokyo Stock Exchange, Morgan Stanley, Accenture, and other Top 100 companies from all over the world.
At Binance, the security of our users is our number one priority. As such, we strive to provide the most secure platform possible. We will evaluate reported security issues based on the security impact to our users and the Binance ecosystem.
This bounty brief describes the rules of the Binance bug bounty program, as well as the eligibility of vulnerabilities and the rewards.
This program adheres to the Bugcrowd Vulnerability Rating Taxonomy for the prioritization/rating of findings.
Rewards will be paid out in BNB (Binance Coin).
Once your submission is accepted, please provide either of the following to receive your reward.
- email address registered on Binance
- your BNB wallet address
We suggest researchers create a separate private Binance account, or a BNB wallet.
*Prices will change with the cryptocurrency markets and the dollar amount listed below could change.
Please note that only vulnerabilities with a working proof of concept that shows how it can be exploited will be considered eligible for monetary rewards.
*Binance is eager to work with the community to make sure that every researcher’s finding is rewarded fairly – based on the vulnerability’s impact on business and overall severity. To this end, it is possible that extraordinarily severe issues or those with extreme impact may be rewarded up to $100,000.
Binance may award an additional reward bonus for exceptional reports. This will be done at Binance’s discretion .
Bug Bounty Challenge:
To continue fostering our relationship with security researchers, Binance is excited to announce the launch of a special bonus program that multiplies payouts for consecutive vulnerabilities reports between November 21, 2019 5pm PT and December 21, 2019 5pm PT.
Through the bonus, Binance will also grant up to 5,000 USD in BNB as additional rewards to the top-performing security researchers reporting through the Bugcrowd platform.
- 50% bonus for the second report eligible for reward in the bonus timeframe.
- 75% bonus for the third report eligible for reward in the month bonus timeframe.
- 100% bonus for fourth or more reports eligible for reward in the bonus timeframe.
Awards:- The amount of the bonus is based on technical severity of the reported vulnerabilities, ranging from 200 USD to 10,000 USD. In other words, if you report three valid vulnerabilities worthy of 600USD, you will earn a total of $600+$600*1.5+$600*1.75=$2,550 for bug bounty.
In addition, Binance will reward the top three researchers ranked by bounty amounts for valid reports during the duration of the bonus period. Here are the prizes for the top participants:
- First prize: 5,000 USD in BNB + exclusive Binance hoodie
- Second prize: 2,500 USD in BNB + exclusive Binance hoodie
- Third prize: 1,000 USD in BNB + exclusive Binance hoodie