Don’t invest unless you’re prepared to lose all the money you invest. This is a high‑risk investment and you should not expect to be protected if something goes wrong. Take 2 mins to learn more.

    Bug Bounty

    Our bug bounty program offers Bitcoin rewards to anyone who discovers a new vulnerability in our code.

    Bug bounty

    Find our flaws

    What are we looking for?

    Bug Bounty - Cross Site Scripting.svg

    Cross-site scripting

    Bug Bounty - Cross Site Request Forgery.svg

    Cross-site request forgery

    Bug Bounty - Remote Code Execution.svg

    Remote code execution

    Bug Bounty - Click Jacking.svg

    Click-jacking

    Bug Bounty - Code Injection.svg

    Code injection

    Bug Bounty - Leaks of Sensitive Data.svg

    Leaks of sensitive data

    How it works

    In order to claim a bug bounty, you must:

    • Discover an entirely unknown vulnerability.
    • Alert us before posting the bug anywhere else – and give us sufficient time to patch the issue.
    • Not use the exploit to steal money or data from CoinJar or its customers. If the exploit requires account access, you must use your own.

    If you have any doubts or questions, email us at security@coinjar.com.

    Ineligible bounties

    We don’t reward bounties for any vulnerabilities not under our direct control. For example:

    • Social engineering
    • Issues requiring physical access to hardware
    • Vulnerabilities in 3rd party software (Ruby, nginx, etc)
    • Denial of Service
    • Usability issues

    Report a bug

    Please fill out the form below to report an issue. Include as much detail about the exploit as you can and a BTC address for us to send the reward to. Our Security Team will get back to you as soon as possible.

    Your information is handled in accordance with CoinJar’s Privacy Policy.

    CoinJar logo

    CoinJar

    Get the app.

    Install