Is a Bug Bounty Program Available on Delta Exchange?

Yes! Delta Exchange runs an active Bug Bounty Program to improve platform security by collaborating with independent security researchers.

What Is In Scope?

• Target Domains: https://*.delta.exchange (excluding devnet, testnet, demo)
  
  

• Eligible issues include:
  
  

  • User data leaks
    
    

  • Injection vulnerabilities (XSS, SQLi, RCE, etc.)
    
    

  • Authentication or authorization flaws
    
    

  • Privilege escalation bugs 
    
    

 How Much Can I Earn?

Rewards vary based on severity:

• Critical (P1): $100–$1,000
  
  

• Severe (P2): $100–$500
  
  

• Moderate (P3): $10–$100
  
  

 How Do I Participate?

1. Create a test account (e.g., using an email with “test” is mandatory.).
   
   

2. Identify vulnerabilities in production or dev environments.
   
   

3. Submit via email only to security@delta.exchange (use PGP for severe/critical issues)
   
   

What Is Out of Scope?

Excluded issues include:

• Low-impact bugs (open redirects, missing headers, etc.)
  
  

• Issues affecting test/demo environments or outdated libraries
  
  

• Automated scanning findings and minimal-security bugs 
  
  

 Basic Rules:

• No automated scans without prior approval
  
  

• Avoid social-engineering, phishing, or DDoS attacks
  
  

• Don’t target real user accounts or sensitive data without permission
  
  

• No public disclosure before a fix is confirmed 
  
  

 Want to Learn More?

Visit the full details on the Bug Bounty Program page here: https://www.delta.exchange/bug-bounty-program