Financial services platform Robinhood has made some big changes to its security bug bounty program, including a new $50,000 reward for anyone who can find a critical error in their system. Following recent trends from an increasing number of crypto and blockchain platforms, the Robinhood security team believes that their bug bounty program plays an irreplaceable role in keeping their platform secure for their customers.
“In the past, we weren’t always clear about the types of reports we were looking for, or how we’d reward researchers for filing those reports — so we’re launching a new program with bounty ranges for specific types of vulnerabilities (or “bugs”),” writes Security Lead Karthik Rangarajan in a recent press announcement. “We want to make Robinhood a tantalizing target for researchers and it’s important that, as a researcher, you know your time won’t be wasted finding potential bugs in our software.”
First launched in 2013, Robinhood is a US-based financial services company headquartered in Menlo Park, California. Traditionally known for allowing users to invest in commission-free US stocks, ETFs and options, Robinhood began to make waves in the cryptocurrency world when it announced at the beginning of this year that the site would begin to offer commission-free cryptocurrency trading. Interestingly, 80 percent of Robinhood’s customers belong to the ‘millennial generation’ (people between the ages of 18 and 29). The Wall Street Journal reported that the average Robinhood customer age was 26.
Robinhood’s Bug Bounty Payout System
Robinhood’s new bug bounty program is hosted by security platform HackerOne and breaks down into a nine-tier system. Payouts range from $100 for open redirect vulnerabilities all the way up to $50,000 for remote code execution (RCE) vulnerabilities.
HackerOne hosts numerous bug bounty programs for cryptocurrency platforms including Ontology and 5th-ranked cryptocurrency EOS. New data from earlier this month revealed that EOS has paid out nearly half a million dollars in bug bounties since its mainnet launch in June, making up over two-thirds of all bug bounties paid by blockchain companies so far this year.
The growing security threats facing cryptocurrency and blockchain platforms are making bug bounty programs an essential tool in protecting customer security.
HackerOne CEO Marten Mickos told Hard Fork, “For cryptocurrency and more broadly blockchain technologies and companies to grow and prosper, on-going security vetting by independent hackers is a must … With a large community of hackers looking for security vulnerabilities, there is a real chance of finding and fixing the weaknesses in time.”