Bug Bounties

BitMEX

Powered by: 

Allows bounty splitting: 

Average time to first program response: 11

Average time to bounty awarded null: 705

Average time to report resolved: 

Handle bitmex

Managed program: true

Name: BitMEX

Offers bounties: true

Offers swag: false

Response efficiency percentage: 92

Submission state: open

Url: https://hackerone.com/bitmex

Website: https://www.bitmex.com

In scope:

  • Asset identifier: *.bitmex.com
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: 1589023233
  • Asset type: APPLE_STORE_APP_ID
  • Availability requirement: low
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: All Other BitMEX Assets
  • Asset type: OTHER
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: All other assets that are provably owned by BitMEX.
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: com.bitmex.app.android
  • Asset type: GOOGLE_PLAY_APP_ID
  • Availability requirement: low
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: https://play.google.com/store/apps/details?id=com.bitmex.app.android.testnet
  • Asset type: OTHER
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Please see the instructions under the mobile beta access section of our policy
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: https://testflight.apple.com/join/533gFghn
  • Asset type: OTHER
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Please see the instructions under the mobile beta access section of our policy
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: testnet.bitmex.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: When testing our platform, please use our testing environment at `testnet.bitmex.com` and not `www.bitmex.com`. API Docs: https://testnet.bitmex.com/app/apiOverview
  • Integrity requirements: 
  • Max severity: critical