BETFURY BUG BOUNTY PROGRAM
Get up to 300 000 USD
BetFury provides public bounties for exposing vulnerabilities and bugs. What does this mean? As you know, we are constantly improving our platform to keep it running as efficiently and smoothly as possible. In addition, the BetFury community is really huge - we have many hackers, security engineers and experienced, observant players among us. This means that together we can make the platform better and defeat all bugs.
Anyone who helps to correct bugs will receive a huge reward - up to 300 000 USD (in BFG)! Find a vulnerability or a bug and report it. We’ll be happy to investigate and fix it and you’ll get the reward.
- Hot wallet accessibility - up to 300 000 USD (in BFG) Vulnerabilities that allow withdrawal of funds from hot wallets.
- Account penetration - up to 100 000 USD (in BFG) Technical vulnerabilities that allow access to someone’s account.
- Balance manipulation - up to 50 000 USD (in BFG) Vulnerabilities that allow manipulation of user balances.
- In-house game bugs/exploits - up to 50 000 USD (in BFG) House edge bugs or vulnerabilities in In-house games that allow to win consistently.
- Server vulnerability - up to 50 000 USD (in BFG) DDoS attack on a platform that leads to its partial or total incapacity.
- Platform’s bonuses abuse - up to 50 000 USD (in BFG) It's about Mining, FuryCharge, Rakeback, Cashback, Referral bonuses, etc.
- Bugs/exploits in the Integrated games (Slots, Live, Table and Sportsbook) - up to 20 000 USD (in BFG) Bugs in games from different providers that allow to win consistently.
- Medium functional bugs - up to 1 000 USD (in BFG) Functional defects of the platform that do not concern layout, text typos, and other visual defects.
⚠️ The size of the reward in any of the foregoing cases depends on the severity of the vulnerability which is determined by our team during testing.
If you find a bug, exploit or vulnerability, please report this to [email protected]. Describe the bug in detail with steps to reproduce and a full description. Also show the result of using this bug/exploit/vulnerability.
Here are details of the procedure and important points of the BetFury report flow:
- You must not share the information about the bug/exploit/vulnerability in the internet, be it community or forum, etc.)
- The first response time from BetFury can take up to 3 days.
- We check all points of your report within 1 week after the first response. After that we notify you about the test results.
- If the bug is confirmed and reproduced, we try to quickly resolve the bug/exploit/vulnerability within 2 weeks after the first vulnerability was confirmed.
- If the bug is not confirmed and reproduced or is already known, the BetFury team closes the case with no reward.
- BetFury is obligated to pay the reward immediately after the bug/exploit/vulnerability was fixed.
⚠️ If you have found a critical bug, BetFury asks you to duplicate the report in the Live Support chat for a faster response to the problem.
BetFury verifies all results reported through our Bug Bounty program. Each report is reviewed and evaluated to ensure credibility. If the description in the report is not clear, we request additional information from the reporter. After aggregating all the information, the presentation of the report goes through an internal review and evaluation process. Once the internal review process is complete, all bugs that are not reproducible, invalid, or uninformative will be closed.
⚠️ The investigator must provide detailed information and supporting evidence to all reports. Failure to provide a detailed report will result in delayed sorting and/or closure of tickets.
⚠️ If a user discovers a vulnerability, he should not use it. We ask the researcher to give us a reasonable opportunity to resolve the issue before making it public.
Submit a detailed description of the problem and the steps you think might be needed to reproduce what you’ve observed. Please, do your best to protect the privacy, confidentiality, and integrity of the users' data. The privacy of our community is extremely important and we greatly appreciate your help in maintaining it. Please understand that we cannot work with anyone who violates relevant laws or regulations, attempts to exploit a security issue, or access other users' data.
Thank you for your cooperation!