Bug Bounty
We take security seriously. Our bug bounty program offers Tether rewards to anyone who discovers a new vulnerability in our code.
What Are We Looking For?
Designed for traders who seek efficiency and control
Cross-Site Scripting
Cross-Site Request Forgery
Remote Code Execution
Click-Jacking
Code Injection
Leaks of Sensitive Data
How It Works
In order to claim a bug bounty, you must follow the rules below:
- Discover an entirely unknown vulnerability.
- Alert us before posting the bug anywhere else – and give us sufficient time to patch the issue.
- Not use the exploit to steal money or data from Quantum FX or its customers. If the exploit requires account access, you must use your own.
If you have any doubts or questions, email us at security@quantumfx.forex.
Ineligible Bounties
We don't reward bounties for vulnerabilities that are not under our direct control. For example:
- Social engineering
- Issues requiring physical access to hardware
- Vulnerabilities in 3rd party software (Ruby, nginx, etc)
- Denial of Service
- Usability issues
How I Should Do It?
Submit on Hackerone
