COBINHOOD is the next-generation cryptocurrency service platform with security
as its top
priority. COBINHOOD recognizes the importance of security researchers in helping keep the
platform and the users’ assets and information safe.
Which is why we encourage responsible disclosure of security vulnerabilities
on our platform
through the bug bounty program described below.
We have a KYC team approving new users. Please use the following naming convention while carrying out any testing:
Responsible disclosure includes:
Providing us a reasonable amount of time to fix the issue before publishing it elsewhere.
Ensuring that efforts will be done in good faith to not leak or destroy any COBINHOOD’s user data.
Not defrauding COBINHOOD’s users or COBINHOOD itself in the process of discovering these vulnerabilities.
To promote responsible disclosure, the COBINHOOD team promises not to bring legal action against researchers who point out a problem provided that the researchers do their best to follow the guidelines stated above.
COBINHOOD, Ltd. will make a best effort to meet the following SLAs for hackers participating in our program:
We’ll try to keep you informed about our progress throughout the process.
Our rewards are based on severity per CVSS (the Common Vulnerability Scoring
Standard). Please note these are general guidelines, and that reward decisions
are up to the discretion of COBINHOOD, Ltd.
The minimum payout is $100 USD for reporting a low severity with possibility for direct exploitation. The maximum reward is $4000, and we may award higher amounts based on the severity or creativity of the vulnerability found.
Researchers are more likely to earn a larger reward by demonstrating how a vulnerability can be exploited to maximum effect.
Critical (9.0 - 10.0) | High (7.0 - 8.9) | Medium (4.0 - 6.9) | Low (0.1 -
$4000 | $1,000 | $300 | $100
 Sensitive actions include: depositing, trading, or sending money; OAuth or
API Key actions
 Privileged information includes: passwords, API keys, bank account numbers, social security
numbers or equivalent information
The scope of this program is limited to security vulnerabilities found on the
COBINHOOD website. All services provided by COBINHOOD are eligible to our bug
bounty program, including the API,
Merchant Tools, and the Exchange.
Vulnerabilities reported on other properties or applications are currently not
eligible for reward.
High impact vulnerabilities outside of this scope might be considered on a case-by-case basis.
When reporting vulnerabilities, please consider (1) attack scenario / exploitability, and (2) security impact of the bug. The following issues are considered out of scope:
Important: When reporting a vulnerability, you must provide an attack scenario and/or examples of the attack. Without this, we reserve the right to reject the bug as Not Applicable. COBINHOOD will determine, at its discretion, whether a vulnerability is eligible for a reward and the amount of the award.
By submitting a bug, you agree to be bound by the rules mentioned.
Thank you for helping keep COBINHOOD, Ltd. and our users safe!
Contact us if you want more information.