Gold Standard Safe Harbor
Coverage of Gold Standard Safe Harbor in the Nexus archive.
- Warning: Deribit silently patches critical security flaws and ghosts the researchers. Can we trust an exchange that hides its vulnerabilities?
A security researcher reported critical vulnerabilities to Deribit through its bug bounty program, but the exchange silently patched the issues and ignored the researcher for 70+ days, refusing to communicate or pay. Deribit's 'unmanaged' HackerOne program status prevents forced resolution, raising concerns about transparency and trust in its security practices.
- Warning: Deribit silently patches critical security flaws and ghosts the researchers. Can we trust an exchange that hides its vulnerabilities?
An independent security researcher reported critical vulnerabilities to Deribit via its bug bounty program, but the exchange silently patched the flaws and ignored the researcher for over 70 days without communication or payment. The researcher raised concerns about Deribit's lack of transparency and trustworthiness, as the exchange is listed as an 'unmanaged' program on HackerOne, preventing forced resolution.