Your information is handled in accordance with CoinJar’s [Collection Statement](https://www.coinjar.com/au/collection-statement). 

Bug Bounty

We take security seriously. Our bug bounty program offers Bitcoin rewards to anyone who discovers a new vulnerability in our code. 

large_hero_bug-bounty@3840w.jpg

medium_hero_bug-bounty@3840w.jpg

placeholder_hero_bug-bounty@3840w.jpg

small_hero_bug-bounty@3840w.jpg

thumbnail_hero_bug-bounty@3840w.jpg

hero_bug-bounty@3840w.jpg

Bug Bounty - Cross Site Scripting.svg

Cross-site scripting

Bug Bounty - Cross Site Request Forgery.svg

Cross-site request forgery

Bug Bounty - Remote Code Execution.svg

Remote code execution

Bug Bounty - Click Jacking.svg

Click-jacking

Bug Bounty - Code Injection.svg

Code injection

Bug Bounty - Leaks of Sensitive Data.svg

Leaks of sensitive data

What are we looking for?

In order to claim a bug bounty, you must:

- Discover an entirely unknown vulnerability.
- 
- Alert us before posting the bug anywhere else – and give us sufficient time to patch the issue.
- 
- Not use the exploit to steal money or data from CoinJar or its customers.
-  
- If the exploit requires account access, you must use your own.

If you have any doubts or questions, email us at security@coinjar.com.

How it works

We don’t reward bounties for any vulnerabilities not under our direct control. For example: 

- Social engineering 
- Issues requiring physical access to hardware 
- Vulnerabilities in 3rd party software (Ruby, nginx, etc) 
- Denial of Service 
- Usability issues

Ineligible bounties

Please fill out the form below to report an issue. Include as much detail about the exploit as you can and a BTC address for us to send the reward to. Our Security Team will get back to you as soon as possible.