Cobalt bug bounty programCobalt bug bounty programCobalt bug bounty program

Square thumb bitgo 6ad61218a7eff95c49fb5bf8b5f41077de8d24dc444b3a84711d5a48ebe6e22d

BitGo

Multi-Sig Security for Bitcoin

#CC82

Targets in scope

Description

BitGo protects your Bitcoin holdings with the world's first multi-signature secure wallet. We strongly believe in bounty programs and welcome all users to audit and inspect BitGo for vulnerabilities. This program is designed to encourage external verification of our services and we reward those that are helpful to our users, the community, and us.

Typically, we only pay for reports which lead to configuration or code changes at BitGo. There is no limit to paid bounties and we will pay above guidelines for reports which responsibly disclose important vulnerabilities to us.

Thank you for helping make BitGo and Bitcoin better.

Out of scope

  • Missing HttpOnly flags, Secure flag, Browser Cache vulnerabilities.
  • Vulnerabilities related to 3rd-party software (e.g. Java, plugins, extensions) are not in scope.
  • Outgoing DNS SPF configuration

Platform

  • nginx
  • nodejs
  • AngularJS

The terms for running and engaging in a security program always apply.

Specs

  • Rewards

    High: $1,000
    Medium: $250
    Low: $100

  • Disclosure Rules

    Responsible disclosure

  • Access Level

    Open for all

  • Response Time / Rate

    More than 3 weeks / 98%

  • Researcher Feedback

    Average of all evaluations

Latest announcements

No announcements yet

Earlier this week

BitGo closed a report from lccunha
BitGo closed a report from copypaste1
BitGo closed a report from burpman09
BitGo closed a report from cadmus
BitGo closed a report from Ravi_yadav
BitGo closed a report from lccunha
BitGo closed a report from MuzammilKayani
Gravatar
MuzammilKayani submitted a report
BitGo closed a report from noman181
Small thumb lccunha
lccunha submitted a report

Earlier this month

BitGo closed a report from pyrk21422
BitGo closed a report from muhammadkhizerjaved
BitGo closed a report from lccunha
Small thumb muhammadkhizerjaved
muhammadkhizerjaved submitted a report
BitGo closed a report from 0xOrgin
BitGo closed a report from LegalHacker_
BitGo closed a report from ooorrraaaxxxooo
BitGo closed a report from WireArmitage
Gravatar
WireArmitage submitted a report
Gravatar
LegalHacker_ submitted a report