Bug Bounty

Harness the full power of crowdsourced security with HackenProof

request a quote

Trusted by

logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo
logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo logo
Why run a Bug Bounty program?

Relevant bug reports and crowdsourced pentesting

A bug bounty program is a way to receive reports on security flaws from ethical hackers and independent security researchers before cybercriminals can exploit those vulnerabilities and ruin your reputation. Receive only relevant bug reports and undergo crowdsourced penetration testing with 10k+ ethical hackers curated by HackenProof.

decoration shield
  • Cost-effective security

    You only have to pay for found bugs, and HackenProof ensures that all bugs are relevant.

  • Choose your scope

    Bug bounty program follows your goals, and you select the scope, timeframe and rewards.

  • Crowdsourced protection

    Two heads are better than one. Bug Bounty gives access to thousands of external security experts.

Without adequate protection, Web3 projects suffer costly exploits

  • $3.2B stolen from crypto projects in 2021
  • Code exploits and flash loan attacks behind >50% of stolen value
  • Double-damage: direct financial losses + token price drop

What projects benefit from Bug Bounty the most?

  • Crypto Exchanges and Finance

Startups and established projects in lending and borrowing, trading and prediction markets, token swaps, investments, crowdfunding, insurance, portfolios, and wallets.

  • Crypto Ecosystems

Enterprises developing blockchain and protocol technology and use cases for them

  • Gaming

Web3 projects creating virtual worlds for entertainment and earning

  • Arts and Collectibles

Apps and platforms for digital ownership in art and fashion, digital collectibles, and music.

When to run Bug Bounty?

  • Bug Bounty should be active all the time after the project’s launch
  • Continuous Bug Bounty coverage maximizes bug detection
  • All Bug Bounty programs on HackenProof last for at least 1 year

Looking forward to sleeping well knowing that your product is free of security flaws?

Fill out the form to get a quote and book our certified specialists

Why choose HackenProof for Bug Bounty?

  • Expertise

    7k+ found bugs, 50+ active programs,10k+ experts. FTX, Avalanche, Coingecko, IoTeX, Huobi, and Gate.io use HackenProof.

  • Pay-as-you-go

    Only pay for vetted bugs and triage services. HackenProof handles all policy and payment transactions.

  • Top-Notch Triage

    Receive only the most relevant reports as we check for duplicates and out-of-scope issues and identify their significance.

  • Crowdsourced pentest

    Invite-only time-bound bug bounty program combined with high-level security assessment and professional recommendations.

  • Continuous protection

    Bug bounty program is an ongoing security process and lasts at least 1 year.

  • Convenient tracking

    Track your bounty progress in a dashboard at any time to check bug reports and rewards.

How to launch a program?

Bug bounty program on your terms

  • 1 Next

    Get a quote

    We will discuss your goals and show you how to reach them using HackenProof

  • 2 Next

    Bounty Policy

    Compose the bounty policy to specify rules and rewards. We’ll help you with this step

  • 3 Next

    Sign Contract

    Approve all the terms to ensure full-scope coverage of the bounty

  • 4

    Add funds

    Security researchers will immediately start working on your bounty

Reach our team to get an estimate and price

Technical side of HackenProof Bug Bounty

Dmytro Matviiv

Dmytro Matviiv

Product Owner of HackenProof

“Bug Bounty program curated by HackenProof is the only way Web3 projects can utilize the full power of crowdsourced security.”

Bug Bounty Program by HackenProof lets your receive reports on security bugs from hackers, customers, and independent security researchers before cybercriminals can exploit those vulnerabilities. HackenProof Bug Bounty offers an industry-asset match for Desktop, Mobile, Web apps, Blockchain Protocols, Smart Contracts, and Cloud Security. In terms of customer industries, HackenProof offers coverage for Crypto Exchanges, Crypto Directories, NFT Projects, Crypto Wallets, DEX, Dapps, GameFi, and DAO. HackenProof provides Triage service to manage bug reports. They validate the raw reports coming from the researchers. Triage teams are handy in situations when: you don’t have the time to manage the bug report, or you need experts who can validate if a bug severity level is correct

HackenProof Bug Bounty is recognized by

  • rust icon
  • rust icon

What else do you get from Bug Bounty?

  • proofed icon

    Proofed by Hacken

    Upon completing Bug Bounty program, you will become Proofed by Hacken. Proofed by Hacken is the ultimate proof of security of your project.

    Hacken Bug Bounty will be attached to your project’s page on:

  • proofed icon

    Promotion

    If your project meets Hacken’s partnership requirements, we will offer you an extended service package, including marketing activities.

    Hacken social media coverage:

audit template

Bug Bounty report includes

  • Classification of found bugs depending on their severity

  • Client-friendly detailed dashboard on bugs and rewards

Trusted by the crypto community

  • Bobby Ong

    Bobby Ong

    Founder, CoinGecko

    "CoinGecko is excited about working with Hacken for our bug bounty program. We are well aware of the dangers that vulnerabilities may present to our users and this is one way where we take proactive steps together with Hacken."

  • Dr Arnold Yau

    Dr Arnold Yau

    Security Consultant, Avalanche

    "HackenProof was born in the blockchain ecosystem with a hacker community that strives to make the technology safe and secure for all to use. They have contributed significant efforts in understanding our requirements to fully and effectively meet our specific needs."

  • Sunny Lu

    Sunny Lu

    CEO, Vechain

    "Hacken founders inherited quality, professionalism, and integrity from Deloitte, their ex-employer."

  • Ruben Guevara

    Ruben Guevara

    DevOps Security Oriented Engineer, PAID Network

    "They've extended their background and clarification on the subject to ensure the project's success."

  • Mike Miclea

    Mike Miclea

    Head of Marketing, Cirus Foundation

    "Strong expertise. In our opinion, this team knows everything about cybersecurity."

  • Stan Stolberg

    Stan Stolberg

    Founder & CTO of ScaleSwap launchpad

    "Hacken is our trusted security vendor. With their recommendations, projects can address all cybersecurity issues and release the code resistant to any type of cyber threats.”

Other Web3 cybersecurity services

Why Hacken?

  • 5

    Years of Expertise

  • 1,070+

    Clients

  • 50+

    Crypto Exchanges

  • 180+

    Partners

  • 17%

    Clients from CMC TOP-300

  • 88+

    Team Members

Security Vendor & Partner for leading Web 3.0 players

  • avalanche logo
  • avalanche logo
  • avalanche logo
  • avalanche logo
  • avalanche logo
  • avalanche logo
  • avalanche logo
  • avalanche logo
  • avalanche logo
  • avalanche logo
  • avalanche logo

Hacken is a member of top industry organizations

  • eea logo
  • eea logo
  • eea logo

Leading media write about our contribution to securing Web 3.0

  • bloomberg logo
  • bloomberg logo
  • bloomberg logo
  • bloomberg logo
  • bloomberg logo
  • bloomberg logo
  • bloomberg logo

Let the global crypto community know about your strong security

FAQ

  • What is the best way to start a bug bounty program?

    Prepare: Reach out HackenProof, Choose a type of bug bounty, Define the Scope, Set Rewards, Establish Triage, Craft the Policy, and Build the Internal Process.

    Launch: Start Small, Analyze, Exchange Feedback.

    Refine: Scale, Improve.

  • What are the validity requirements for Bug Bounty?

    Not all bug bounty programs and platforms are the same. The industry only recognizes valid bug bounty programs. The requirements for validity are as follows:
    1. The policy should be public
    2. Bug bounty policy should allow intrusive testing. The whole infrastructure should be in scope
    3. It should include structured in scope/out of scope and clear program rules with clear statistics on reports, rewards, and SLAs.
    HackenProof experts ensure that your bug bounty program is valid and recognized by users, partners, and investors.

  • What is HackenProof?

    HackenProof is Hacken’s separate entity that was created in 2017 solely for bug bounties.
    HackenProof Website: https://hackenproof.com/
    HackenProof Services:
    Platform: HackenProof has all the needed functionality for the convenient program management
    Professional Triage Team: HackenProof team handled over 10K reports
    Community of Security researchers (Hackers): more than 10K registered hackers
    P&R: For all our paid clients, HackenProof prepares social media announcements
    Payments: HackenProof handles all payments between clients and hackers
    HackenProof clients: FTX, Avalanche, Coingecko, IoTeX, Huobi, Gate.io, and more.
    Integrations: HackenProof Bug Bounties are integrated into Coingecko and CER.live.

Tell us about your project

  • This field is required
  • This field is required
    • whatsapp icon WhatsApp
    • telegram icon Telegram
    • wechat icon WeChat
    • signal icon Signal
  • This field is required
  • This field is required
  • This field is required
  • This field is required
This field is required
departure icon

Thank you for your request

Get security score on

  • certified logo
  • coingeco logo
  • coin market cap logo

1,070+ projects audited

companies logos

Apply for partnership

  • This field is required
  • This field is required
  • This field is required
  • This field is required
    • Foundation
    • VC
    • Angel investments
    • IDO or IEO platform
    • Protocol
    • Blockchain
    • Legal
    • Insurance
    • Development
    • Marketing
    • Influencer
    • Other
This field is required
This field is required
departure icon

Thank you for your request

Get security score on

  • certified logo
  • coingeco logo
  • coin market cap logo

1,070+ projects audited

companies logos

Get in touch

  • This field is required
  • This field is required
  • This field is required
  • This field is required
This field is required
By submitting this form you agree to the Privacy Policy and information beeing used to contact you
departure icon

Thank you for your request

Get security score on

  • certified logo
  • coingeco logo
  • coin market cap logo