ChangeHero's Bug Bounty Program

Due to popular demand, ChangeHero has a bug bounty program for security researchers. We invite you to help us identify bugs and vulnerabilities and will reward you if it helps us deliver a more secure product. Interested? Read on for more information!

How Does ChangeHero Bug Bounty Work?

Please be informed that as a work in progress, the bug bounty program terms and conditions are not finalized.

To streamline the process of reporting security vulnerabilities and properly reward our community members for help, we decided to test the waters and trial our own bug bounty program.

A bug or security bounty is an offer from a software company or a similar business for “white hat” ethical hackers and security researchers. In exchange for a detailed report on various vulnerabilities, they offer a reward that can vary depending on the severity of the exploits. Major tech companies such as Microsoft and Apple collaborate with external security researchers and bug bounty hunters to identify security issues.

 

Eligibility and Responsible Conduct

To be eligible for bounty awards, your report must comply with the following criteria:

  • A valid report contains clearly documented material on a discovered security vulnerability in the code of the ChangeHero website or Affiliate Program assets (widget, referral links, API)
  • Vulnerability reports have to be clearly attributable to the person who submits them and must not be published anywhere else prior to or for the duration of a review
  • Does not violate the Terms of Use of the platform
  • Does not contain sensitive information, private information of other users, inappropriate information, or information received in a fraudulent manner
  • Is not a result of an exploit that causes a service interruption, harm, or damage to the work of the ChangeHero website or Affiliate Program assets (widget, referral links, API)

By submitting a report, you also acknowledge that it is subject to our Privacy Policy (https://changehero.io/privacy-policy). ChangeHero may reject the submission of information deemed ineligible.

Reward Details

We encourage valid reports about all potential vulnerabilities.

Repeated reports and bugs connected to one underlying issue entitle you to one payout.

  • Minor: $100–300 USD in BTC
  • High priority: $300–500 USD in BTC
  • Critical: $500–1,000 USD in BTC

Report a security vulnerability

So, do you feel up to the challenge? Do you already know what to report? Then:

  1. Search for security vulnerabilities in the scope of the bug bounty program;
  2. Prepare a vulnerability report with respect to the eligibility criteria;
  3. Send it to ChangeHero support through the available contact channels — email or the chat widget on the website;
  4. Wait for a submission acknowledgment and a review from our security team, usually provided within 30 days.

Let’s work together for mutual benefit: we eliminate security bugs and improve ChangeHero, and you receive rewards!


 


Please note that ChangeHero uses an automated risk-scoring system designed to spot suspicious activity during operations. If your transaction is flagged by this system, ChangeHero reserves the right to conduct the KYC procedure and process the transaction in accordance with our AML/KYC policy and our Terms of Use (paragraph 3.6).