Blockchain security company SlowMist announced on October 12 on Twitter that cryptocurrency exchange KuCoin joined their SlowMist Zone and launched a security vulnerability and threat intelligence bounty program. According to the announcement, the reward for finding serious vulnerabilities can be as high as $10,000.
Once a bug has been reported, it can take up to 3 days for SlowMist to deal with the problem and update the bug reporter on its status. For critic vulnerabilities, the reporter can earn between $2,500 and $10,000 worth of the KuCoin KCS token, along with an additional 512 SLOWMIST tokens. However, as of now, SLOWMIST tokens aren’t really worth anything at all.
Other bugs reported can earn up between $10 and $2,500 depending on the level of risk the vulnerability poses. High-risk vulnerabilities include those that can gain system access, leak source code or access sensitive information.
They also mention a list of vulnerabilities that they will not accept for the bounty program. These include theoretical vulnerabilities with no PoC, vulnerabilities relating to Email verification defects and those that require physical access to the device or root privileges.