Bug Bounty

We take security seriously. Our bug bounty program offers Bitcoin rewards to anyone who discovers a new vulnerability in our code.
hero_bug-bounty@3840w.jpg

Find our flaws

What are we looking for?

Bug Bounty - Cross Site Scripting.svg

Cross-site scripting

Bug Bounty - Cross Site Request Forgery.svg

Cross-site request forgery

Bug Bounty - Remote Code Execution.svg

Remote code execution

Bug Bounty - Click Jacking.svg

Click-jacking

Bug Bounty - Code Injection.svg

Code injection

Bug Bounty - Leaks of Sensitive Data.svg

Leaks of sensitive data

How it works

In order to claim a bug bounty, you must:

  • Discover an entirely unknown vulnerability.
  • Alert us before posting the bug anywhere else – and give us sufficient time to patch the issue.
  • Not use the exploit to steal money or data from CoinJar or its customers. If the exploit requires account access, you must use your own.

If you have any doubts or questions, email us at security@coinjar.com.

Ineligible bounties

We don’t reward bounties for any vulnerabilities not under our direct control. For example:

  • Social engineering
  • Issues requiring physical access to hardware
  • Vulnerabilities in 3rd party software (Ruby, nginx, etc)
  • Denial of Service
  • Usability issues

Report a bug

Please fill out the form below to report an issue. Include as much detail about the exploit as you can and a BTC address for us to send the reward to. Our Security Team will get back to you as soon as possible.
App storeApp store

CoinJar’s Digital Currency and Exchange Services are operated by CoinJar UK Limited, a private limited company registered in England and Wales (company number 8905988). CoinJar UK Limited is registered in Australia by AUSTRAC as a digital currency exchange provider (Registration No. DCE100576400-001).

CoinJar Card is a prepaid Mastercard issued by EML Payment Solutions Limited ABN 30 131 436 532 AFSL 404131 pursuant to license by Mastercard Asia/Pacific Pte. Ltd. Mastercard and the Mastercard brand mark are registered trademarks and the circles design is a trademark of Mastercard International Incorporated. CoinJar Australia Pty Ltd ABN 75 648 570 807 promotes and distributes CoinJar Card as a Corporate Authorised Representative of EML Payment Solutions Limited. This material is general information only and does not consider your objectives, financial situation or needs and you should consider if CoinJar Card is right for you. We recommend you consider the Product Disclosure Statement before making any decision to acquire the product. The Target Market Determination for this product can be found here.

Apple Pay is a trademark of Apple Inc., registered in the U.S. and other countries. Google Pay is a trademark of Google LLC.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.