In a strategic move to strengthen cybersecurity, KuCoin, a leading global cryptocurrency exchange, has partnered with Bugcrowd, a leader in crowdsourced cybersecurity. Together they launched a bug bounty program designed to enhance the security of the KuCoin trading platform.
Strengthening security through strategic collaboration
Identifying key vulnerabilities: KuCoin and Bugcrowd are focusing on a wide range of potential security issues within the exchange’s web and mobile platforms, including:
- Business logic errors that can lead to asset loss
- Payment manipulation
- Remote Code Execution (RCE)
- Sensitive data leaks
- Critical issues identified by OWASP, including XSS, CSRF, SQL injection, SSRF, IDOR, etc.
- Various other risks that could result in significant losses
Mobile security: On the mobile side, the program aims to address:
- Access to insecure external links
- Exploitable vulnerabilities in the JsBridge/JavaScript interface
- Other mobile-related threats
Structured bug bounty rewards
To incentivize the cybersecurity community, KuCoin and Bugcrowd have outlined a structured reward system based on the severity of discovered vulnerabilities, categorized as follows:
- Extreme severity: $10,000 reward
- Severity: Compensation between $3,000 and $5,000
- High severity: Compensation between $1,000 and $2,000
- Medium severity: Compensation between $200 and $400
- Low severity: Rewards between $50 and $100
Commitment to user security
KuCoin CEO Johnny Lyu emphasized the exchange’s commitment to security. He said, “As the People’s Exchange, protecting user assets and transactions is our ongoing commitment. Bugcrowd allows us to work with a community of expert researchers to solve even the most obscure security problems.”
Dave Gerry, CEO of Bugcrowd, added: “The rapid growth of the cryptocurrency market highlights the need for increased security. Our collaboration with KuCoin aims to leverage the global hacker community to strengthen KuCoin’s defenses and ensure a safer trading environment for all users.”
Learn more and get involved
To learn more about the bug bounty program and how to participate, please visit KuCoin’s official announcement.