Banner object (1)

Hack and Take the Cash !

844 bounties in database
  Back Link to program      
Cryptocat - Security logo
Hall of Fame

Cryptocat - Security

Bug Bounty Program

From December 20, 2016 and until December 31, 2017, Cryptocat is holding a Bug Bounty Program. The goal of this program is to invite independent analysis of Cryptocat's security, especially since its complete rewrite which was completed in April 2016.

Bug Bountry Program Prize

  1. $500 USD delivered via PayPal.
  2. A good book from chosen by us.
  3. Recognition on the Cryptocat website.
  4. A personal thank-you note.

Due to Cryptocat's limited funding as volunteer-run software, the bounty is held in a "contest" style: the first person to report a vulnerability will receive the prize, and the Bug Bounty Program will then be closed until further notice. Should we receive more than one bounty report simultaneously, we will award the prize to the report we judge to be more important.

However: Should you win the Bug Bounty Program prize but forfeit the $500 USD prize money, the Bug Bounty Program will remain open for a second potential winner, and you will still receive the other three elements of the prize.

Bug Bounty Program Criteria


  1. Your report must be submitted before December 31, 2017 (anywhere on Earth).
  2. A proof-of-concept must be included.
  3. You must be agree with full public disclosure of the bug you have discovered. You may choose to forfeit public credit.

Bug Eligibility

Your reported vulnerability must be, within reasonable judgement, a high-to- critical severity vulnerability. For example, it must allow remote account compromise, user or device impersonation, message decryption, arbirtrary code execution, or something along these lines. A simple denial of service, to give a counter-example, or a bug that is reliant on pre-existing control of the victim's device, is not eligible. We promise to be fair regarding the severity of your reported bug.

Any submitted report must involve a bug that is exploitable in the latest version of Cryptocat at the time of submission.

Bug Bounty Program Report Submission

Simply send a Cryptocat message to nadim on Cryptocat in order to submit your report. It's the personal account of the person responsible for writing the software.

Thank you for helping make Cryptocat safer for everyone. Good luck!

FireBounty © 2015-2019

Legal notices