Cobalt bug bounty programCobalt bug bounty programCobalt bug bounty program

Square thumb bitgo 6ad61218a7eff95c49fb5bf8b5f41077de8d24dc444b3a84711d5a48ebe6e22d

BitGo

Multi-Sig Security for Bitcoin

#CC82

Targets in scope

Description

BitGo protects your Bitcoin holdings with the world's first multi-signature secure wallet. We strongly believe in bounty programs and welcome all users to audit and inspect BitGo for vulnerabilities. This program is designed to encourage external verification of our services and we reward those that are helpful to our users, the community, and us.

Typically, we only pay for reports which lead to configuration or code changes at BitGo. There is no limit to paid bounties and we will pay above guidelines for reports which responsibly disclose important vulnerabilities to us.

Thank you for helping make BitGo and Bitcoin better.

Out of scope

  • Missing HttpOnly flags, Secure flag, Browser Cache vulnerabilities.
  • Vulnerabilities related to 3rd-party software (e.g. Java, plugins, extensions) are not in scope.
  • Outgoing DNS SPF configuration

Platform

  • nginx
  • nodejs
  • AngularJS

The terms for running and engaging in a security program always apply.

Specs

  • Rewards

    High: $1,000
    Medium: $250
    Low: $100

  • Disclosure Rules

    Responsible disclosure

  • Access Level

    Open for all

  • Response Time / Rate

    More than 3 weeks / 100%

  • Researcher Feedback

    Average of all evaluations

Latest announcements

No announcements yet

April

BitGo1 closed a report from burpman09
BitGo1 closed a report from burpman09
BitGo1 closed a report from DanyalZafar
BitGo1 closed a report from ShuvamoyRoy

March

Gravatar
ShuvamoyRoy submitted a report
BitGo1 closed a report from lccunha
BitGo1 closed a report from copypaste1
BitGo1 closed a report from burpman09
BitGo1 closed a report from cadmus
BitGo1 closed a report from Ravi_yadav
BitGo1 closed a report from lccunha
BitGo1 closed a report from MuzammilKayani
Gravatar
MuzammilKayani submitted a report
BitGo1 closed a report from noman181
Gravatar
lccunha submitted a report
BitGo1 closed a report from pyrk21422
BitGo1 closed a report from muhammadkhizerjaved
BitGo1 closed a report from lccunha
Small thumb muhammadkhizerjaved
muhammadkhizerjaved submitted a report
BitGo-Ron closed a report from 0xOrgin