Crypto.com, trusted by more than 100 million customers worldwide and the industry pioneer in regulatory compliance, security and privacy, announced that it has upgraded their existing bug bounty program with HackerOne, providing up to USD $2 million in rewards for the reporting of security vulnerabilities.
This is the first time a bug bounty program with HackerOne has reached USD $2 million, and represents the largest available across all bug bounty programs with HackerOne - in the crypto industry and beyond.
Finding critical security gaps
“Security and compliance are at the foundation of everything we do at Crypto.com,” said Kris Marszalek, CEO of Crypto.com. “As our business and the industry continue to grow, it’s critically important that we remain focused on our core principles, and this new bounty program does that by setting a new bar.”
“When you operate a global app serving more than 100 million customers, finding critical security gaps before bad actors do is essential to system integrity and customer trust,” said Kara Sprague, CEO of HackerOne. “This record-breaking bounty reflects the significant emphasis Crypto.com puts on consumer protection and their appreciation of the value the ethical hacking community can provide.”
Ethical hacking community
“Crypto.com’s responsiveness and dedication to hacker program engagement makes their commitment to the global ethical hacking community second to none,” said Chris Evans, CISO and Chief Hacking Officer of HackerOne.
“The top programs on our platform do not just follow our best practices but continuously raise the standard for how all organisations should engage with and reward ethical hackers.”
Enhancing safeguards and consumer protection
“While we have dedicated significant efforts to achieve top-tier security certifications, maintaining security assurance requires continuous focus and improvement,” said Jason Lau, Chief Information Security Officer of Crypto.com.
“We have always respected and partnered with the ethical hacking community as an extension of our security team. Deepening our relationship with HackerOne through this milestone and setting this landmark bounty underscores our commitment to enhancing safeguards and consumer protection. We look forward to continuing to productively engage with this community.”
Cloud security and privacy certifications
Crypto.com became the first virtual asset platform to achieve multiple certifications across all platforms, including SOC2 Type 2, PCI DSS 4.0, ISO 27017 and ISO 27019 for cloud security and privacy certifications in 2023, ISO 22301 for Business Continuity Management in 2021, ISO 27701 for Privacy Information Management System in 2020, and ISO 27001 for Information Security Management Systems in 2019, as well as by conforming to the highest tier of the NIST Cybersecurity and Privacy Frameworks, and obtaining regional specific certifications like the Data Protection Trust Mark and Cyber Trust Mark in Singapore.
