bug bounty program
Coverage of bug bounty program in the Nexus archive.
- ZetaChain dismissed bug report that could have prevented $334K exploit
ZetaChain dismissed a bug report through its bug bounty program before a $334,000 exploit occurred. The vulnerability was identified and reported but ignored, leading to the attack.
- Warning: Deribit silently patches critical security flaws and ghosts the researchers. Can we trust an exchange that hides its vulnerabilities?
A security researcher reported critical vulnerabilities to Deribit through its bug bounty program, but the exchange silently patched the issues and ignored the researcher for 70+ days, refusing to communicate or pay. Deribit's 'unmanaged' HackerOne program status prevents forced resolution, raising concerns about transparency and trust in its security practices.
- Warning: Deribit silently patches critical security flaws and ghosts the researchers. Can we trust an exchange that hides its vulnerabilities?
An independent security researcher reported critical vulnerabilities to Deribit via its bug bounty program, but the exchange silently patched the flaws and ignored the researcher for over 70 days without communication or payment. The researcher raised concerns about Deribit's lack of transparency and trustworthiness, as the exchange is listed as an 'unmanaged' program on HackerOne, preventing forced resolution.
- GPT 5.5 biosafety bounty
OpenAI has launched a bug bounty program for its GPT-5.5 model, focusing on biosafety risks. The initiative rewards researchers for identifying vulnerabilities that could enable misuse of biotechnology through AI.