Even though we design our systems from a security first perspective, and use third party code reviews to review our systems for vulnerabilities, it is always possible we missed something. If you discover a bug or potential security risk, please let us know! You can reach us at firstname.lastname@example.org. The following guidelines apply.
Our responsible disclosure program covers all our products and services under our direct control. Some of the websites that are reachable under Bitvavo domains are not under our direct control. These are not eligible for rewards:
Examples of issues that are eligible for rewards:
Examples of issues that are ineligible for rewards:
Rewards are paid in bitcoin or euro. The minimum reward for bugs is 100 EUR. For more serious issues, the bounty is (significantly) higher. These bounties are at our discretion.
How to report an issue
Send an e-mail to email@example.com with a proof of concept explaining the issue(s) you found.