Report Bugs and Earn Rewards
If you notice a security vulnerability or technical issue on the EFEX website or app, you can report it through this page. Reviewed and confirmed reports may receive rewards based on impact and severity.
Collaboration and Security Principles at EFEX
Sustainable security
Your reports help strengthen our infrastructure and improve platform security.
Transparent review
All reports are reviewed against clear criteria and followed up with a result.
Fair rewards
Each reward is determined by the severity and impact of the report.
Constructive collaboration
Cooperation with users and security researchers helps us improve service quality.
Bug Submission Steps
01
Submit report
02
Validate vulnerability
03
Reward payout
Latest Rewards
| User | Reward amount |
|---|---|
| 90****8073 | 1.000 USDT |
| 90****8073 | 1.000 USDT |
| 93****2525 | 1.000 USDT |
| es***@gmail.com | 1.000 USDT |
| es***@gmail.com | 1.000 USDT |
| al***@gmail.com | 2.000 USDT |
| al***@gmail.com | 5.000 USDT |
| al***@gmail.com | 5.000 USDT |
| al***@gmail.com | 5.000 USDT |
| al***@gmail.com | 2.000 USDT |
Bug Report Requirements
- Only reports submitted through the official bug form at efex.pro/bug-bounty will be reviewed. Reports sent through other channels will not be accepted.
- Please submit your report with full details and reproducible steps; only these reports will receive a response.
- Submit only one bug per report. If your submission leads to finding other bugs, submit each one separately.
- Reports or cases listed as out of scope will not be reviewed. The out-of-scope list is available below.
- If the same bug is submitted by multiple people, only the first person who identified and reported it will be rewarded and may be listed in the related section with consent.
- All reports will receive an initial response within a maximum of 3 business days. Higher-priority reports may be reviewed faster.
- Submitting a report with a fake email address is not allowed; reports from invalid or fake accounts will not be reviewed.
- The person submitting the report must be the person who found the bug; please do not submit bugs found by others.
- EFEX may share received reports with partners, employees, or competent authorities and perform technical follow-up when necessary.
- Submitting a bug report means accepting our website terms and the EFEX bug bounty process.