Bug Bounty

How to report

• Encrypt your report with the main PGP key (do not use the server key).
• Un-encrypted mail is ineligible for a reward.
• Include a clear description of how you found the issue.

Standard rewards (2 XMR)

• Discover the IP address of our onion service server (clearnet IPs do not qualify).
• Steal funds from the service (minimum 2 XMR; smaller amounts rewarded at our discretion).
• Gain access to any production server.

Other vulnerabilities are welcome; reward amounts are decided solely by us.

Back to swap