In a strategic move to bolster its cybersecurity, KuCoin, a top global cryptocurrency exchange, has teamed up with Bugcrowd, the leader in crowdsourced cybersecurity. Together, they have rolled out a robust bug bounty program designed to enhance the security of KuCoin’s trading platform.
Enhancing Security with Strategic Collaboration
Identifying Key Vulnerabilities: KuCoin and Bugcrowd are focusing on a broad range of potential security issues within the exchange’s web and mobile platforms, including:
- Business logic errors that could lead to asset loss
- Payment manipulation
- Remote Code Execution (RCE)
- Leakage of sensitive data
- Critical issues identified by OWASP such as XSS, CSRF, SQL Injection, SSRF, and IDOR
- Various other risks that could lead to significant losses
Mobile Security Focus: On the mobile front, the initiative aims to tackle:
- Unsafe external link access
- Exploitable vulnerabilities in Jsbridge/Javascriptinterface
- Other mobile-specific threats
Structured Bug Bounty Rewards
To incentivize the cybersecurity community, KuCoin and Bugcrowd have outlined a structured reward system based on the severity of the discovered vulnerabilities, categorized as follows:
- Extreme Severity: Reward of $10,000
- Critical Severity: Rewards between $3,000 and $5,000
- High Severity: Rewards between $1,000 and $2,000
- Medium Severity: Rewards between $200 and $400
- Low Severity: Rewards between $50 and $100
Commitment to User Security
Johnny Lyu, CEO of KuCoin, emphasized the exchange’s dedication to security: “As the People’s Exchange, securing user assets and transactions is our continuous commitment. Partnering with a community of expert researchers through Bugcrowd ensures that we tackle even the most obscure security challenges.”
Dave Gerry, CEO of Bugcrowd, added, “The rapid growth of the cryptocurrency market underscores the need for enhanced security. Our collaboration with KuCoin aims to leverage the global hacker community to fortify KuCoin’s defenses and ensure a safer trading environment for all users.”
Learn More and Participate
For more details on the Bug Bounty Program and to learn how to participate, please visit KuCoin’s Official Announcement.