Cryptocurrency exchange Crypto.com has launched a landmark bug bounty program with HackerOne.
The program will provide up to $2m in rewards for the reporting of security vulnerabilities. This represents the largest sum available across all bug bounty programs with HackerOne.
Crypto.com operates a global app which has more than 100 million customers worldwide.
Jason Lau, CISO at Crypto.com, noted that the firm has dedicated significant efforts to achieve top-tier security certifications. However, maintaining security assurance requires continuous focus and improvement.
“We have always respected and partnered with the ethical hacking community as an extension of our security team,” Lau said.
“Deepening our relationship with HackerOne through this milestone and setting this landmark bounty underscores our commitment to enhancing safeguards and consumer protection. We look forward to continuing to productively engage with this community,” he added.
In recent years the cryptocurrency industry has become a high-value target for cybercriminals because of the potential monetary gain.
Blockchain intelligence firm TRM found that North Korean hackers stole at least $600m in cryptocurrency in 2023.
Kris Marszalek, CEO of Crypto.com, commented, “As our business and the industry continue to grow, it’s critically important that we remain focused on our core principles, and this new bounty program does that by setting a new bar.”
The Singaporean firm’s strategy has been to expand through security, compliance and regulatory licenses to advance its mission of “Cryptocurrency in Every Wallet”.
Crypto.com became the first virtual asset platform to achieve multiple certifications across all platforms, including SOC2 Type 2, PCI DSS 4.0, and the ISO 27017 and ISO 27019 cloud security and privacy certifications, in 2023.
It also achieved ISO 22301 for Business Continuity Management in 2021, ISO 27701 for Privacy Information Management System in 2020, and ISO 27001 for Information Security Management Systems in 2019.
The firm also says it conforms to the highest tier of the NIST Cybersecurity and Privacy Frameworks and has obtained region-specific certifications such as the Data Protection Trust Mark and Cyber Trust Mark in Singapore.