Security is foundational to everything we build. PayX actively rewards researchers who responsibly disclose vulnerabilities, helping us keep every user safe.
There is no ceiling on payouts. Higher-severity findings with demonstrated impact are eligible for significantly larger rewards.
Indicative reward ranges by vulnerability class:
Remote code execution (RCE): $5000
Balance manipulation: $3000
XSS/CSRF/Clickjacking impacting balances, trading, or deposits: $2000
Credential or API key exfiltration: $2000
Partial auth bypass: $1500
Other flaws leading to financial loss or data exposure: $500
Miscellaneous CSRF (excluding logout CSRF): $500
No rewards for DDoS, self-XSS, spam, or social engineering vectors.
Send us a detailed report via email. Our security team will respond promptly to investigate and resolve it.