In order to ensure our userbase's safety, HANSA supports bug hunting efforts and rewards those who find serious vulnerabilities on our market.
Based on severity of the bug and completeness of the submission, which we will decide at our sole discretion, we offer the following rewards:
- Vulnerabilities that could severely disrupt HANSA's integrity (for example any IP address, personal information of a user or vendor): 10 BTC
- Non-critical bugs and vulnerabilities: 1 BTC
- Simple display bugs or unintended behavior: 0.05 BTC
To be eligible, you must demonstrate a security compromise on our market using a reproducible exploit. Should you encounter a bug, please open a ticket and inform us about your findings.
Guidelines for you:
- Don't make the bug public before it has been fixed.
- Don't perform any attack that could harm the reliability/integrity of our market.
- Do not impact other users with your testing; this includes testing for vulnerabilities in accounts you do not own.
- Don't attempt to gain access to another user's account or data. Use your own test accounts for cross-account testing.
- The more thorough the proof-of-concept, the higher the chance a payout will be awarded.
Guidelines for HANSA:
- We will respond to you as fast as we can.
- We will keep you updated as we work to fix the bug you submitted.
More information on Hansa Market Subreddit: /r/HansaDarknetMarket/
Good to see markets taking security seriously. One suggestion which I would also like to see implemented:
Market admins: you could create a "security hotline". This is a separate support system specifically for security bugs which should be checked as often as possible. If a new message gets sent, the market staff should receive an important notification and immediately check on it. If a user misuses that hotline, he should get banned.