Bitcoin

Ethereum

Tether

Solana

USDC

Dogecoin

Tron

Cardano

Avalanche

Shiba Inu

Official Trump

Chainlink

Polkadot

Maker Dai

Uniswap

Litecoin

Pepe

Stellar

Ethereum Classic

Polygon

Immutable X

Render

Aave

Optimism

Arbitrum

Injective

dogwifhat

Maker

Fetch.ai

The Graph

Bonk

Quant

Algorand

Lido DAO

GALA

Axie Infinity

Tezos

The Sandbox

ApeCoin

Decentraland

PAX Gold

Chiliz

Synthetix

Compound

Curve DAO

1inch

Basic Attention Token

0x Token

Rocket Pool

Biconomy

Universal Market Access

yearn.finance

Audius

Band Protocol

Loopring

SushiSwap

Pax Dollar

Cartesi

Bancor

Balancer

Kyber Network

Badger DAO

Origin Protocol

Orchid

placeholder_Trustpilot_ratings_4star-RGB-256x48.png

thumbnail_Trustpilot_ratings_4star-RGB-256x48.png

Trustpilot_ratings_4star-RGB-256x48.png

App Store Rating - Apple.svg

App Store Rating - Google.svg

Your information is handled in accordance with CoinJar’s [Privacy Policy](https://www.coinjar.com/privacy). 

Bug Bounty

We take security seriously. Our bug bounty program offers Bitcoin rewards to anyone who discovers a new vulnerability in our code. 

large_hero_bug-bounty@3840w.jpg

medium_hero_bug-bounty@3840w.jpg

placeholder_hero_bug-bounty@3840w.jpg

small_hero_bug-bounty@3840w.jpg

thumbnail_hero_bug-bounty@3840w.jpg

hero_bug-bounty@3840w.jpg

Bug Bounty - Cross Site Scripting.svg

Cross-site scripting

Bug Bounty - Cross Site Request Forgery.svg

Cross-site request forgery

Bug Bounty - Remote Code Execution.svg

Remote code execution

Bug Bounty - Click Jacking.svg

Click-jacking

Bug Bounty - Code Injection.svg

Code injection

Bug Bounty - Leaks of Sensitive Data.svg

Leaks of sensitive data

What are we looking for?

In order to claim a bug bounty, you must:

- Discover an entirely unknown vulnerability.
- Alert us before posting the bug anywhere else – and give us sufficient time to patch the issue.
- Not use the exploit to steal money or data from CoinJar or its customers. If the exploit requires account access, you must use your own.

If you have any doubts or questions, email us at security@coinjar.com.

How it works

We don’t reward bounties for any vulnerabilities not under our direct control. For example: 

- Social engineering 
- Issues requiring physical access to hardware 
- Vulnerabilities in 3rd party software (Ruby, nginx, etc) 
- Denial of Service 
- Usability issues

Ineligible bounties

Please fill out the form below to report an issue. Include as much detail about the exploit as you can and a BTC address for us to send the reward to. Our Security Team will get back to you as soon as possible.

Success

Report a bug