logo
OSUpdatePoolASIC FirmwareASIC Hub
More
referral
Increase your income with Hiveon. Invite your friends and earn real cryptocurrency!

Bug Bounty Program

Security first. And it is rewarded.

The security of the Hive OS system is one of our main goals. Help us with it, find vulnerabilities — and get rewarded.

How does the program work?

Remuneration is possible in case the following rules are observed:

  1. You must be the first user to submit a vulnerability report.
  2. The detected vulnerability must fall into one of the categories described below.
  3. You must provide a description of the steps required to reproduce the vulnerability.
  4. You agree to maintain the confidentiality of your communication with the Hive OS team — this means that you should not send reports or evidence to other users or companies.
  5. The in-scope domains (not including sub-domains) are as follows: hiveon.com, the.hiveos.farm, hiveon.net.

The list of vulnerabilities

The detected vulnerability must fall into one of the following categories:

  • Cross-site request forgery that has serious security impact
  • Cross-site scripting (excluding Self-XSS)
  • Server side request forgery
  • Cross origin resource sharing that has serious security impact
  • Open Redirect that has serious security impact
  • SQL injection
  • Privilege escalation
  • Directory traversal
  • Payment manipulation
  • Remote code execution
  • Local file inclusion
  • Remote file inclusion
  • Leakage of sensitive data
  • Authentication bypass

What is the amount of the reward?

  • The reward amount is $10-$20. Threshold values ​​are not subject to negotiation or change.
  • We pay much more ($500+) for the following vulnerabilities: leakage of sensitive data, payment manipulation, authentication bypass, SQL injection.
  • One confirmed vulnerability equals one reward.

Important

  • You must not violate the privacy of other users, destroy any data, or disrupt the operation of our services.
  • To search for vulnerabilities, you should use only your personal Hive OS account. The use of other users' accounts is prohibited.
  • Do not try to affect our physical security measures, do not use spam, social engineering, DDOS attacks, or other techniques.
  • If you find a vulnerability that allows access to the system, you should notify us immediately — do not continue to investigate the vulnerability yourself.
  • Exploiting the vulnerability for your own benefit cancels your participation in the program — in this case, no remuneration will be paid.

Your attentiveness can earn you a reward and help make Hive OS even more secure. If you find a vulnerability, please email us at [email protected]. Let’s improve Hive OS together!