ExTrade
AI Trading Platform

Bug Bounty Program

Help us keep ExTrade secure. Report vulnerabilities and earn rewards up to $25,000 for critical findings.

$500K+

Total Paid Out

150+

Bugs Fixed

200+

Security Researchers

48hrs

Avg Response Time

Reward Structure
Rewards are based on the severity and impact of the vulnerability
Critical
Remote code execution, SQL injection, authentication bypass
$5,000 - $25,000
High
Privilege escalation, sensitive data exposure, CSRF
$1,000 - $5,000
Medium
XSS, information disclosure, business logic flaws
$250 - $1,000
Low
Minor security issues, configuration problems
$50 - $250
In Scope
Assets and vulnerabilities covered by our program

Domains & Applications

  • • extrade.com (main platform)
  • • api.extrade.com (API endpoints)
  • • Mobile applications (iOS/Android)
  • • Desktop applications

Vulnerability Types

  • • Authentication & authorization flaws
  • • SQL injection & code injection
  • • Cross-site scripting (XSS)
  • • Business logic vulnerabilities
  • • Cryptographic issues
Out of Scope
Issues not covered by our bounty program

Excluded Issues

  • • Social engineering attacks
  • • Physical security issues
  • • Denial of service (DoS) attacks
  • • Spam or content injection
  • • Issues in third-party services

Testing Restrictions

  • • No automated scanning
  • • No testing on production data
  • • No social engineering of staff
  • • No physical access attempts
How to Submit
Follow these steps to report a vulnerability
1

Discover

Find a security vulnerability in our systems

2

Document

Create a detailed report with steps to reproduce

3

Submit

Send your report to security@extrade.com

4

Get Rewarded

Receive your bounty after verification

Report Requirements

  • Clear description of the vulnerability
  • Step-by-step reproduction instructions
  • Proof of concept (screenshots, videos)
  • Impact assessment and potential risks
Hall of Fame
Top security researchers who have helped secure ExTrade
#1
Alex Chen
23 bugs reported
$45,000
#2
Sarah Kim
18 bugs reported
$32,500
#3
Mike Rodriguez
15 bugs reported
$28,000
#4
Emma Wilson
12 bugs reported
$22,000
#5
David Park
10 bugs reported
$18,500
Contact Security Team
Have questions about our bug bounty program?

Report a Vulnerability

security@extrade.com

Use PGP encryption for sensitive reports. Our public key is available on our security page.

Program Questions

bounty@extrade.com

For questions about rewards, scope, or program guidelines.