Dossier
critical security flaws
Coverage of critical security flaws in the Nexus archive.
- Warning: Deribit silently patches critical security flaws and ghosts the researchers. Can we trust an exchange that hides its vulnerabilities?
A security researcher reported critical vulnerabilities to Deribit through its bug bounty program, but the exchange silently patched the issues and ignored the researcher for 70+ days, refusing to communicate or pay. Deribit's 'unmanaged' HackerOne program status prevents forced resolution, raising concerns about transparency and trust in its security practices.