Bug Bounty
Find our flaws
What are we looking for?
Cross-site scripting
Cross-site request forgery
Remote code execution
Click-jacking
Code injection
Leaks of sensitive data
How it works
In order to claim a bug bounty, you must:
- Discover an entirely unknown vulnerability.
- Alert us before posting the bug anywhere else – and give us sufficient time to patch the issue.
- Not use the exploit to steal money or data from CoinJar or its customers. If the exploit requires account access, you must use your own.
If you have any doubts or questions, email us at security@coinjar.com.
Ineligible bounties
We don’t reward bounties for any vulnerabilities not under our direct control. For example:
- Social engineering
- Issues requiring physical access to hardware
- Vulnerabilities in 3rd party software (Ruby, nginx, etc)
- Denial of Service
- Usability issues
Report a bug
Please fill out the form below to report an issue. Include as much detail about the exploit as you can and a BTC address for us to send the reward to. Our Security Team will get back to you as soon as possible.
Your information is handled in accordance with CoinJar’s .
CoinJar’s digital currency exchange services are operated by CoinJar Australia Pty Ltd ACN 648 570 807, a registered digital currency exchange provider with AUSTRAC.
CoinJar Card is a prepaid Mastercard issued by EML Payment Solutions Limited ABN 30 131 436 532 AFSL 404131 pursuant to license by Mastercard. CoinJar Australia Pty Ltd is an authorised representative of EML Payment Solutions Limited (AR No 1290193). We recommend you consider the and before making any decision to acquire the product. Mastercard and the circles design are registered trademarks of Mastercard International Incorporated.
Google Pay is a trademark of Google LLC. Apple Pay is a trademark of Apple Inc.
This site is protected by reCAPTCHA and the and apply.
