Get started
63982089 586Cfc80 Ca76 11E9 9F44 Ca06D28230C0

Hedera bug bounty program

Find bugs. Submit a report. Earn rewards.

Report a bug

A stronger ecosystem

We welcome Hedera community members to contribute to the Hedera network platform and services codebase, developer tools, and more by finding and submitting bugs and vulnerabilities. The entire ecosystem will benefit from the shared efforts in improving the robustness of Hedera’s software and security.
Find Bug
Find bugs

Explore Hedera’s network services and developer tools to discover bugs and vulnerabilities. We ask that you follow the rules of engagement while testing.

Submit A Report
Submit a report

If you find a bug or vulnerability, then send an email to [email protected] with a description of your findings.

Earn Hbars
Earn rewards

A member of the Hedera team will reach out for further information. Earnings are determined on a case-by-case basis. There is no cap on the amount of rewards you can earn.

Rules of engagement

When in doubt, email us at [email protected].

Don't attempt to access another user’s account

That is to say that you can do cross-account testing, but only use accounts that you own/control.

Use the testnet for all testing purposes

The mainnet is for production use and should not be used for testing.

DDoS/spam attacks aren't allowed

Do not perform any attack that could harm the reliability/integrity of Hedera services or data.

Don't publicly disclose a bug before it’s fixed

Exposing a vulnerability before Hedera is able to remediate could directly harm Hedera and the community, and will result in not receiving compensation for the bug's discovery.

Don't impact other users with your testing

This includes testing for vulnerabilities by impacting an account you do not own.

Never attempt non-technical attacks

Such as social engineering, phishing, or physical attacks against our employees, users, or infrastructure.

Hedera Improvement Proposals

Have a suggestion or feature request? The Hedera Improvement Proposal (HIP) program is the place to do it. HIPs can range from core protocol changes, to the applications, frameworks, and protocols built on top of the Hedera public network and used by the community. Get started by visiting the HIP repository.

Submit a report

Send an email with a description of your findings to earn rewards

Report a bug