Plutus Bounty Hacker Update: New Version of App
At Plutus, we consider it of the upmost importance to provide privacy and security to our users. As a result, our development team have implemented numerous measures to prevent any malicious activity before it occurs.
Vulnerability Reward ProgrammePlutus recognise the importance of security researchers who invest time and effort into helping us secure our platform. As a result, anyone who reports a vulnerability that could compromise the confidentiality or integrity of our users or service, will be directly rewarded.
Security is of paramount importance, which means we will investigate all reported bugs and potential breaches. If you believe you have discovered a bug or vulnerability in Plutus.it, or any of our applications; please contact us right away at
security@plutus.itRewardsRewards will only apply to vulnerabilities found on the latest version of our app, ‘Plutus Tap & Pay’, no longer will we be rewarding bugs found on old versions.
A reward of up to $500 (paid in PLU) may be provided for the disclosure of qualified bugs (Bypassing login processes, executing code, interfering with user interaction, accessing other sessions, etc.).
Smaller vulnerabilities that do not meet our severity criteria may still be provided with a minimum of $100 (PLU) if they lead to an improvement in overall security.
Participants have until 31st December to disclose any bugs discovered. In order to abide by our policy, vulnerabilities must be disclosed privately, and provide us reasonable time to respond.
Please note: We do not reward spam or socially engineered vulnerabilities, neither do we reward vulnerabilities that have been disclosed publicly. Third-party applications such as the ones we use to test our BETA applications are not incorporated into this bounty programme. This includes Crashlytics, Telegram, etc.
The JackpotHackers will also be in with a chance of winning a $3000 (PLU) jackpot prize, one security researcher will be picked at random out of everyone that disclosed valid vulnerabilities to receive the jackpot.
Terms & Restrictions- The first person to report and disclose a bug will be rewarded.
- Publicly disclosed bugs will not be rewarded.
- The reward amounts may increase and decrease, this is at our discretion.
- We may cancel the programme at any time.
- Your testing must not violate any laws at any time.
- Bugs discovered on old app versions will not be rewarded.
- Bugs discovered after 31st December 2018 when the bounty hacker scheme finishes will not be rewarded.
- Due to legal restrictions, we cannot and will not reward residents of countries under current U.S. sanctions (including North Korea, Libya, Cuba).