Total Reports:41
Total Valid Reports:15



  Bounty Point
Crypto Assets Exchange
Program Logo
Program Logo
2022/01/01 〜 2022/12/31
Bounty Range
Only test for vulnerabilities on application stipulated in scope section.
Any vulnerabilities reported on applications out-of-scope are not eligible for bounty rewards.
Repetitive processing with tools are prohibited.
equivalent act that can degrade the performance of our service are also explicitly prohibited.
Actions and/or tests (including use of the vulnerabilities) that will impact the other end users are explicitly prohibited.
Execution of critical confirmation process like Deposit and withdrawal processing shall be as minimum as possible.
Web application
bitbankが運営する暗号資産(仮想通貨)取引所 | Crypto Assets Exchange
  • https://bitbank.cc
  • bitbank.cc
  • app.bitbank.cc
  • api.bitbank.cc
For Bounty
  • Authentication up to 5,000,000yen
  • Remote Code Execution up to 5,000,000yen
  • SQL Injection up to 5,000,000yen
  • other up to 500,000yen
  • Cross-Site Request Forgery (CSRF) up to 300,000yen
  • Not Eligible
    For Bounty
  • Vulnerabilities found through automated scans or tools
  • Hypothetical or theoretical vulnerabilities without actual verification code
  • Vulnerabilities with capability of brute force against password or tokens
  • Password, email and account policies, such as email id verification, reset link expiration, password complexity
  • Login/Logout CSRF
  • Missing CSRF tokens
  • CSRF on forms that are available to anonymous users (e.g. contact form)
  • Missing security headers
  • Vulnerabilities found in domains out-of-scope
  • Vulnerabilities affecting outdated browsers or platforms
  • Presence of autocomplete attribute on web forms
  • Missing secure flags on non-sensitive cookies
  • Reports of insecure SSL/TLS ciphers
  • Vulnerabilities with capability of username/email enumeration
  • Descriptive error messages (e.g. Stack traces, application or server errors)
  • Banner disclosure on servers
  • Misconfiguration of SPF record, DMARC and DKIM
  • Invalid HTTP method
  • Notes
    This program requires you to open an account with bitbank.cc.
    For eligibility details, please refer to the "Terms of Service Article 4" of this site.
    Report Bug

    Bounty Reward History

    • 2021/10/29 09:11

      paid for jumpei 's report

      報奨金 ポイント
    • 2021/08/30 19:17

      paid for kazkiti 's report

      報奨金 ポイント
    • 2021/08/30 19:15

      paid for Private 's report

      報奨金 ポイント
    • 2021/08/30 19:14

      paid for Private 's report

      報奨金 ポイント
    • 2021/08/30 19:12

      paid for Private 's report

      報奨金 ポイント
    • 2021/06/30 09:22

      paid for Private 's report

      報奨金 ポイント
    • 2021/05/31 15:46

      paid for mineo 's report

      報奨金 ポイント
    • 2021/05/31 15:45

      paid for Private 's report

      報奨金 ポイント
    • 2021/05/31 15:43

      paid for niwasaki 's report

      報奨金 ポイント
    • 2021/05/31 15:42

      paid for mage 's report

      報奨金 ポイント
    • 2021/04/19 17:55

      paid for Private 's report

      報奨金 ポイント
    • 2021/04/19 17:53

      paid for Ibnu 's report

      報奨金 ポイント
    • 2021/04/19 17:51

      paid for Private 's report

      報奨金 ポイント
    • 2021/04/08 18:12

      paid for payloadartist 's report

      報奨金 ポイント
    Report Bug


    Available Program:
    Closed Program:
    Bounties Range:
    ¥ 5,000¥ 5,000,000
    Reward Type:
    Bounty Point

    Top Hackers