Bug Bounty

Responsible Disclosure Policy

Deribit is the leading cryptocurrency option exchange by volume and uses the latest available technology to offer microsecond response time. We value security and availability above all else so that traders can focus fully on what matters most to them: making money.

As part of our perpetual quest for improvement and security, we highly respect and value the work of ethical hackers. If you come across a vulnerability in one of our web or mobile applications, you can report it to us using the form below. We take security very seriously and strive to provide lightning-fast response time to any report. We will validate and fix vulnerabilities in accordance with our commitment to security. Researchers will be rewarded at Deribit's discretion depending on the security impact, and we will never take legal action against you as long as you show good faith in not impacting the platform or our customers.

The following guidelines give you an idea of what we usually pay out for different classes of bugs – for all things not listed below, this program follows the Bugcrowd VRT for prioritizing issues.

  • Tier 1: www.deribit.com. Eligible for 100% of the advertised reward.
  • Tier 2: *.deribit.com and mobile applications. Eligible for 50% of the advertised reward.

| Technical severity | Reward range |
|---|---|
| p1 — Critical | $4,000 - $6,000 |
| p2 — Severe | $2,000 - $3,000 |
| p3 — Moderate | $600 - $850 |
| p4 — Low | $200 - $300 |