HashMix Bug Bounty


Security is always core to HashMix. We’d like to use as much help as we could get to optimize the security of our system. Therefore, we encourage our community to audit the security and report any potential issues. A responsible report can earn a reward of up to USD 100,000$.


The primary scope of this bounty program is for HashMix Lending and related products.

The scope may change as current products may be upgraded, and new products may be released.


  • Public disclosure of a vulnerability would make it ineligible for a reward.
  • Technical knowledge is required for the process.
  • Duplicated issues are not eligible for the reward. The first submission would be the eligible one.
  • Rewards will be decided on a case-by-case basis, and the bug bounty program, terms, and conditions are at the sole discretion of HashMix.
  • Rewards will vary depending on the severity of the issue. Other variables considered for rewards include the quality of the issue description, the instructions for reproducibility, and the quality of the fix (if included).
  • Submissions need to be related to the Scope. Submissions out of the Scope won’t be eligible for a reward.
  • Avoid violating the privacy of others, disrupting our systems, destroying data, or harming the user experience.
  • Not engage in blackmail, extortion, or any other unlawful conduct.
  • Terms and conditions of the bug bounty process may vary over time.


  • Denial of Service attacks and Active Exploits against the HashMix platform.
  • Social engineering and phishing of HashMix project contributors, ecosystem collaborators, or community members.
  • Physical or electronic attempts to access offices where project contributors work or data centers.
  • Compromising user accounts or stealing funds.


The reward of reporting a bug would be $100 to $100,000 based on the rules provided.

Safe Harbor

Any activities conducted in a manner consistent with this policy will be considered authorized conduct, and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with it.


Please submit all bug bounty disclosures to dev@hashmix.org. The disclosure must include clear and concise steps to reproduce the discovered vulnerability in either written or video format. We’ll follow up as soon as possible.




HashMix is a fully decentralized hash power tokenization and circulation platform. Empower hash power with NFT and DeFi tools!

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

What is a Security Posture and How Can You Evaluate It?


Gyro Testnet Analytics

a proud space frog, very valuable jpg and honorary Gyroscope user

$50000 Giveaway Register & Deposit DOGE/XRP to Win Big Bonus!

Hostinger India Review 2021: Is This A Reliable Web Host?

Summary of “A Novel Approach to Prevent Cache-Based Side-Channel Attack in the Cloud”

It’s Time to Kill our Passwords

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


HashMix is a fully decentralized hash power tokenization and circulation platform. Empower hash power with NFT and DeFi tools!

More from Medium

FairySwap.Finance: Setting up MetaMask for FRC-20 Tokens

Welcome Event — ALOHA

Meme Contest Alert — Get Creative & Win $AIIP !!!

Seascape Network Trade & Win Competition 🏆