Bug Bounty

The bounty program for discovering vulnerabilities

Security is a top priority for us, that is why we launched a vulnerability detection bounty program. You can check out the terms and conditions below.

To receive a reward for detecting vulnerabilities, you need to:

Provide us with enough time to fix the vulnerability/weakness/issue before any information regarding it will become in any manner publicly announced.NOT cause any damage to the exchange infrastructure and its users.NOT mislead users or employees of the exchange while detecting vulnerabilities.

Under these conditions, we promise not to take any steps to persecute the person(s) thus helping us detect the problem.


There is no limit on the maximum reward size, we reserve the right to increase the size of the reward depending on the seriousness of the vulnerability found. Researchers are more likely to receive increased rewards if they can demonstrate how the found vulnerability may be used to cause the most harm.

The list below shows an approximate reward for detecting vulnerabilities:

Remote code execution $5,000
Manipulating user balances $3,000
XSS/CSRF/Clickjacking affecting user balances/trading/exchange/deposits $500
Theft of information related to passwords/API keys/personal information $500
Partial authentication bypass $500

Resources available for studying for vulnerabilities: whitebit.com, api.whitebit.com

Rewards for DDoS, Self-XSS, Spam, and Social engineering attacks will NOT be granted.

To report a vulnerability, please send us an e-mail to [email protected]