Sign up

The Plisio Bug Bounty Program

Help us find code vulnerabilities and get Bitcoin rewards.

Report a bug

Help Us Find Security Flaws

Plisio is committed to providing a secure environment for its users. While our IT specialists work diligently to identify any potential security issues, it's always possible that some may be missed.

As a result, we have launched a bug bounty program that enables all Plisio users to earn rewards for helping find code vulnerabilities.

Get Rewards

The reward size is determined by the reported issue severity.
Bug Severity
Critical
High
Medium
Low
Reward (BTC)
$4,000-$15,000
$1,000-$4,000
$200-$1,000
Up to $200
The bug bounty reward may be boosted – that’s how:

Issue Description Quality

The report is well-written and clearly explains the vulnerability.

PoC Quality

The report Includes testing code, scripts, and detailed instructions.

Issue Fix Quality, if provided

Suggestions on how to fix the issue are provided in the report.

What Bugs We’re Looking for?

The Plisio bug bounty program applies to all the services offered on our platform. We consider vulnerabilities that could lead to financial loss or data breaches as most severe. Such issues may include, but are not limited to:

CSS

RCE

CSRF

UI Redressing

Sensitive Data Breach

Authentication Bypass

How to Report a Bug

Step 1

Find any of the vulnerabilities stated above and compile a report that contains a sufficient proof of concept. For instance, in case of web-related problem, a report should contain:

  • HTTP requests/responses with impacted parameters
  • Screenshots or videos (if needed)
  • Browser info (type), OS, device, and app version
  • Description of the potential issue consequences
  • Recommendations on how to fix the issue (optional)

Step 2

Let us know about the bug before publicly sharing it anywhere – it will give us time to evaluate and fix the issue.

Step 3

State your BTC address for payment.

Step 4

Use the Plisio PGP Public Key to encrypt your report (link to the right).

Step 5

Submit your vulnerability reports to: [email protected]

Vulnerability Disclosure

We expect all bug bounty program participants to respect the following responsible disclosure principles:

  • Provide us a reasonable amount of time to fix the issue before sharing it elsewhere.
  • Do not violate the other users’ privacy (do not interact with individual accounts), damage the platform data, or engage in fraudulent activity towards Plisio or its users.
  • Use your own account for purposes that require account access.
  • If you unintentionally accessed private data (like access codes), delete it after notifying us first.
  • If you were able to access Plisio funds due to a bug, you must return the entire amount to Plisio.

PGP Public Key

Get key

Found a Bug? Report It

Let us know as soon as possible when you discover of a potential security issue, and we'll do our best to patch it.

Sign up for free in 2 clicks • Easy setup in 2 minutes • Tech support 24/7

Report a bug