Product Owner of HackenProof
🇺🇦 Hacken stands with Ukraine!Learn more
Harness the full power of crowdsourced security with HackenProofrequest a quote
A bug bounty program is a way to receive reports on security flaws from ethical hackers and independent security researchers before cybercriminals can exploit those vulnerabilities and ruin your reputation. Receive only relevant bug reports and undergo crowdsourced penetration testing with 10k+ ethical hackers curated by HackenProof.
You only have to pay for found bugs, and HackenProof ensures that all bugs are relevant.
Bug bounty program follows your goals, and you select the scope, timeframe and rewards.
Two heads are better than one. Bug Bounty gives access to thousands of external security experts.
Startups and established projects in lending and borrowing, trading and prediction markets, token swaps, investments, crowdfunding, insurance, portfolios, and wallets.
Enterprises developing blockchain and protocol technology and use cases for them
Web3 projects creating virtual worlds for entertainment and earning
Apps and platforms for digital ownership in art and fashion, digital collectibles, and music.
Fill out the form to get a quote and book our certified specialists
7k+ found bugs, 50+ active programs,10k+ experts. Avalanche, CoinGecko, IoTeX, Huobi, and Gate.io use HackenProof.
Only pay for vetted bugs and triage services. HackenProof handles all policy and payment transactions.
Receive only the most relevant reports as we check for duplicates and out-of-scope issues and identify their significance.
Invite-only time-bound bug bounty program combined with high-level security assessment and professional recommendations.
Bug bounty program is an ongoing security process and lasts at least 1 year.
Track your bounty progress in a dashboard at any time to check bug reports and rewards.
We will discuss your goals and show you how to reach them using HackenProof
Compose the bounty policy to specify rules and rewards. We’ll help you with this step
Approve all the terms to ensure full-scope coverage of the bounty
Security researchers will immediately start working on your bounty
Product Owner of HackenProof
“Bug Bounty program curated by HackenProof is the only way Web3 projects can utilize the full power of crowdsourced security.”
Bug Bounty Program by HackenProof lets your receive reports on security bugs from hackers, customers, and independent security researchers before cybercriminals can exploit those vulnerabilities. HackenProof Bug Bounty offers an industry-asset match for Desktop, Mobile, Web apps, Blockchain Protocols, Smart Contracts, and Cloud Security. In terms of customer industries, HackenProof offers coverage for Crypto Exchanges, Crypto Directories, NFT Projects, Crypto Wallets, DEX, Dapps, GameFi, and DAO. HackenProof provides Triage service to manage bug reports. They validate the raw reports coming from the researchers. Triage teams are handy in situations when: you don’t have the time to manage the bug report, or you need experts who can validate if a bug severity level is correct
Upon completing Bug Bounty program, you will become Proofed by Hacken. Proofed by Hacken is the ultimate proof of security of your project.
If your project meets Hacken’s partnership requirements, we will offer you an extended service package, including marketing activities.
Classification of found bugs depending on their severity
Client-friendly detailed dashboard on bugs and rewards
Secure your systems with penetration testingLearn more
Timely full-scope security check of your chainLearn more
Smart contract audit for EVM blockchainsLearn more
Years of Expertise
Prepare: Reach out HackenProof, Choose a type of bug bounty, Define the Scope, Set Rewards, Establish Triage, Craft the Policy, and Build the Internal Process.
Launch: Start Small, Analyze, Exchange Feedback.
Refine: Scale, Improve.
Not all bug bounty programs and platforms are the same. The industry only recognizes valid bug bounty programs. The requirements for validity are as follows:
1. The policy should be public
2. Bug bounty policy should allow intrusive testing. The whole infrastructure should be in scope
3. It should include structured in scope/out of scope and clear program rules with clear statistics on reports, rewards, and SLAs.
HackenProof experts ensure that your bug bounty program is valid and recognized by users, partners, and investors.
HackenProof is Hacken’s separate entity that was created in 2017 solely for bug bounties.
HackenProof Website: https://hackenproof.com/
Platform: HackenProof has all the needed functionality for the convenient program management
Professional Triage Team: HackenProof team handled over 10K reports
Community of Security researchers (Hackers): more than 10K registered hackers
P&R: For all our paid clients, HackenProof prepares social media announcements
Payments: HackenProof handles all payments between clients and hackers
HackenProof clients: Avalanche, CoinGecko, IoTeX, Huobi, Gate.io, and more.
Integrations: HackenProof Bug Bounties are integrated into CoinGecko and CER.live.
"CoinGecko is excited about working with Hacken for our bug bounty program. We are well aware of the dangers that vulnerabilities may present to our users and this is one way where we take proactive steps together with Hacken."
Dr Arnold Yau
Security Consultant, Avalanche
"HackenProof was born in the blockchain ecosystem with a hacker community that strives to make the technology safe and secure for all to use. They have contributed significant efforts in understanding our requirements to fully and effectively meet our specific needs."
"Hacken founders inherited quality, professionalism, and integrity from Deloitte, their ex-employer."
DevOps Security Oriented Engineer, PAID Network
"They've extended their background and clarification on the subject to ensure the project's success."
Head of Marketing, Cirus Foundation
"Strong expertise. In our opinion, this team knows everything about cybersecurity."
Founder & CTO of ScaleSwap launchpad
"Hacken is our trusted security vendor. With their recommendations, projects can address all cybersecurity issues and release the code resistant to any type of cyber threats.”