Unbanked strongly believes in the value of security professionals and developers assisting in keeping our products and users safe. Unbanked has established and encourages the use of responsibly disclosing all security vulnerabilities in our Bug Bounty Program. The Bug Bounty program serves the Unbanked mission by helping us be the most trusted company in the digital currency market.

Unbanked agrees not to initiate legal action for security research performed following all posted Unbanked Bug Bounty policies, including good faith, accidental violations. We believe activities conducted consistent with this policy constitute “authorized” conduct under the Computer Fraud and Abuse Act, the DMCA, and applicable anti-hacking laws such as Cal. Penal Code 503(c). We will not bring a claim against researchers for circumventing the technological measures we have used to protect the applications in the scope of the Bug Bounty Program.

It is required that each researcher submit a notification to use before engaging in conduct that may be inconsistent with or unaddressed by policy.


All bounty submissions are rated by Unbanked and paid out based on vulnerability rating. All payouts

will proceed in USDC or UNBANKED and are defined as a guideline and subject to change.



Vulnerability Ratings

Critical severity issues present a direct and immediate risk to a broad array of our users or to Unbanked itself. They often affect relatively low-level /foundational components in one of our application stacks or infrastructure. For example:

High severity issues allow an attacker to read or modify highly sensitive data that they are not authorized to access. They are generally more narrow in scope than critical issues, though they may grant an attacker extensive access. For example:

Medium severity issues allow an attacker to read or modify limited amounts of data that they are not authorized to access. They generally grant access to less sensitive information than high severity issues. For example:

Low severity issues allow an attacker to access minimal amounts of data. They may violate an expectation for how something is intended to work, but it will enable nearly no escalation of privilege or ability to trigger unintended behavior by an attacker. For example:


Reports in which we are not interested to include:

Want to be an owner in Unbanked? Limited shares available at a 20% discount. 🔥
This is default text for notification bar