Robinhood Crypto Trading App Boosts Its HackerOne Bug Bounty Rewards
Robinhood Increases Bug Bounty Reward to $50,000
Karthik Rangaraja, the security lead at the stock and crypto trading platform Robinhood, recently announced that the platform has increased the rewards for its bounty program. The top prize is now $50,000 USD. The post also clarified some aspects of the program's eligibility and rules.
News About The Bounty Program
Under Robinhood's new bounty program, you can earn anywhere between $100 and $50,000 USD for your efforts as a bounty hunter. Most of the higher prizes are for coding. A remote code execution can get you between $25,000 and $50,000 USD. A significant accounting manipulation of SQL is worth from $15,000 to $25,000 USD. The smallest bounty is now $100 USD, which is given for redirects.
Further rewards cover other cross-site scripting and cross-site request forgery ($500 to $5,000 USD), sensitive data exposure ($2,500 to $5,000 USD) and significant authentication or authorization bypass ($10,000 to $20,000 USD).
The company officer stated that the eligible vulnerabilities and rewards could change over time, so you should keep paying attention. Any bugs that can be found on the HackerOne page of Robinhood will also be rewarded. The company raised the bounties to attract popular security experts who could help find more bugs.
According to Karthik Rangaraja, the types of reports that the company wanted were not 100% clear in the past and that caused some problems, so the company is eager to sort out these mistakes by being clearer and more specific about what it wants.
You can read the full details on the bug bounty program here.
The cryptocurrency market is currently filled with companies that are trying to engage their communities and to build on their criticism. Bounty hunts are a great way to do it. EOS, one of the largest blockchains in the market right now, is reported to have paid $10,000 USD to a single developer who found bugs in the system.
These programs are important not only for creating a sense of community and improving the products, but also as a way to get feedback so that critical errors can be fixed before they become a major nuisance.
However, not all companies are following this line. BitFi Wallet, a company supported by John McAfee, claims that it is unhackable and is reported to threaten people who send bug reports to the company or who have hacked the system. McAfee has been openly criticizing and mocking people who have found bugs and loopholes in the wallet.
Fortunately, many companies are not like BitFi and are more reliable, open to criticism and actually respect their community instead of being arrogant. That says a lot about what a company's core values are.