Dmytro Matviiv
Product Owner of HackenProof
Trusted by
Why run a Bug Bounty program?
Relevant bug reports and crowdsourced pentesting
A bug bounty program is a way to receive reports on security flaws from ethical hackers and independent security researchers before cybercriminals can exploit those vulnerabilities and ruin your reputation. Receive only relevant bug reports and undergo crowdsourced penetration testing with 10k+ ethical hackers curated by HackenProof.
-
Cost-effective security
You only have to pay for found bugs, and HackenProof ensures that all bugs are relevant.
-
Choose your scope
Bug bounty program follows your goals, and you select the scope, timeframe and rewards.
-
Crowdsourced protection
Two heads are better than one. Bug Bounty gives access to thousands of external security experts.
Without adequate protection, Web3 projects suffer costly exploits
- $3.2B stolen from crypto projects in 2021
- Code exploits and flash loan attacks behind >50% of stolen value
- Double-damage: direct financial losses + token price drop
What projects benefit from Bug Bounty the most?
-
Crypto Exchanges and Finance
Startups and established projects in lending and borrowing, trading and prediction markets, token swaps, investments, crowdfunding, insurance, portfolios, and wallets.
-
Crypto Ecosystems
Enterprises developing blockchain and protocol technology and use cases for them
-
Gaming
Web3 projects creating virtual worlds for entertainment and earning
-
Arts and Collectibles
Apps and platforms for digital ownership in art and fashion, digital collectibles, and music.
When to run Bug Bounty?
- Bug Bounty should be active all the time after the project’s launch
- Continuous Bug Bounty coverage maximizes bug detection
- All Bug Bounty programs on HackenProof last for at least 1 year
Looking forward to avoiding exploits and making your project free of security flaws?
Fill out the form to get a quote and book our certified specialists
Why choose HackenProof for Bug Bounty?
-
Expertise
7k+ found bugs, 50+ active programs,10k+ experts. Avalanche, CoinGecko, IoTeX, Huobi, and Gate.io use HackenProof.
-
Pay-as-you-go
Only pay for vetted bugs and triage services. HackenProof handles all policy and payment transactions.
-
Top-Notch Triage
Receive only the most relevant reports as we check for duplicates and out-of-scope issues and identify their significance.
-
Crowdsourced pentest
Invite-only time-bound bug bounty program combined with high-level security assessment and professional recommendations.
-
Continuous protection
Bug bounty program is an ongoing security process and lasts at least 1 year.
-
Convenient tracking
Track your bounty progress in a dashboard at any time to check bug reports and rewards.
How to launch a program?
Bug bounty program on your terms
-
1
Next
Get a quote
We will discuss your goals and show you how to reach them using HackenProof
-
2
Next
Bounty Policy
Compose the bounty policy to specify rules and rewards. We’ll help you with this step
-
3
Next
Sign Contract
Approve all the terms to ensure full-scope coverage of the bounty
-
4
Add funds
Security researchers will immediately start working on your bounty
Reach our team to get an estimate and price
Technical side of HackenProof Bug Bounty
“Bug Bounty program curated by HackenProof is the only way Web3 projects can utilize the full power of crowdsourced security.”
Bug Bounty Program by HackenProof lets your receive reports on security bugs from hackers, customers, and independent security researchers before cybercriminals can exploit those vulnerabilities. HackenProof Bug Bounty offers an industry-asset match for Desktop, Mobile, Web apps, Blockchain Protocols, Smart Contracts, and Cloud Security. In terms of customer industries, HackenProof offers coverage for Crypto Exchanges, Crypto Directories, NFT Projects, Crypto Wallets, DEX, Dapps, GameFi, and DAO. HackenProof provides Triage service to manage bug reports. They validate the raw reports coming from the researchers. Triage teams are handy in situations when: you don’t have the time to manage the bug report, or you need experts who can validate if a bug severity level is correct
HackenProof Bug Bounty is recognized by
What else do you get from Bug Bounty?
-
Proofed by Hacken
Upon completing Bug Bounty program, you will become Proofed by Hacken. Proofed by Hacken is the ultimate proof of security of your project.
Hacken Bug Bounty will be attached to your project’s page on:
-
Promotion
If your project meets Hacken’s partnership requirements, we will offer you an extended service package, including marketing activities.
Hacken social media coverage:
>100k users on
Bug Bounty report includes
-
Classification of found bugs depending on their severity
-
Client-friendly detailed dashboard on bugs and rewards
Trusted by the crypto community
Other Web 3.0 cyber-security services
-
Web3 Security
Penetration Testing
Secure your systems with penetration testing
Learn more -
Web3 Security
Blockchain Protocol Audit
Timely full-scope security check of your chain
Learn more -
Top Solutions
Ethereum (EVM) Audit
Smart contract audit for EVM blockchains
Learn more
Why Hacken?
-
5+
Years of Expertise
-
1,000+
Clients
-
50+
Crypto Exchanges
-
180+
Partners
-
1,200+
Audited Projects
-
100+
Team Members
Security Auditor & Partner for leading Web3 players
Hacken is a member of top industry organizations
Leading media write about our contribution to securing Web3
Let the global crypto community know about your strong security
FAQ
-
What is the best way to start a bug bounty program?
Prepare: Reach out HackenProof, Choose a type of bug bounty, Define the Scope, Set Rewards, Establish Triage, Craft the Policy, and Build the Internal Process.
Launch: Start Small, Analyze, Exchange Feedback.
Refine: Scale, Improve.
-
What are the validity requirements for Bug Bounty?
Not all bug bounty programs and platforms are the same. The industry only recognizes valid bug bounty programs. The requirements for validity are as follows:
1. The policy should be public
2. Bug bounty policy should allow intrusive testing. The whole infrastructure should be in scope
3. It should include structured in scope/out of scope and clear program rules with clear statistics on reports, rewards, and SLAs.
HackenProof experts ensure that your bug bounty program is valid and recognized by users, partners, and investors. -
What is HackenProof?
HackenProof is Hacken’s separate entity that was created in 2017 solely for bug bounties.
HackenProof Website: https://hackenproof.com/
HackenProof Services:
Platform: HackenProof has all the needed functionality for the convenient program management
Professional Triage Team: HackenProof team handled over 10K reports
Community of Security researchers (Hackers): more than 10K registered hackers
P&R: For all our paid clients, HackenProof prepares social media announcements
Payments: HackenProof handles all payments between clients and hackers
HackenProof clients: Avalanche, CoinGecko, IoTeX, Huobi, Gate.io, and more.
Integrations: HackenProof Bug Bounties are integrated into CoinGecko and CER.live.
Bobby Ong
Founder, CoinGecko
"CoinGecko is excited about working with Hacken for our bug bounty program. We are well aware of the dangers that vulnerabilities may present to our users and this is one way where we take proactive steps together with Hacken."
Dr Arnold Yau
Security Consultant, Avalanche
"HackenProof was born in the blockchain ecosystem with a hacker community that strives to make the technology safe and secure for all to use. They have contributed significant efforts in understanding our requirements to fully and effectively meet our specific needs."
Sunny Lu
CEO, Vechain
"Hacken founders inherited quality, professionalism, and integrity from Deloitte, their ex-employer."
Ruben Guevara
DevOps Security Oriented Engineer, PAID Network
"They've extended their background and clarification on the subject to ensure the project's success."
Mike Miclea
Head of Marketing, Cirus Foundation
"Strong expertise. In our opinion, this team knows everything about cybersecurity."
Stan Stolberg
Founder & CTO of ScaleSwap launchpad
"Hacken is our trusted security vendor. With their recommendations, projects can address all cybersecurity issues and release the code resistant to any type of cyber threats.”