Echobit highly values the security of our platform and the safety of users’ assets. To continuously improve our security posture, we have established the Echobit Bug Bounty Program. We welcome security researchers and white-hat hackers to report potential vulnerabilities. Rewards will be granted based on the severity and impact of the reported issue.
In Scope (Eligible Vulnerabilities)
Reports may be eligible for rewards if they involve vulnerabilities that could lead to meaningful security risk, including but not limited to:
- Vulnerabilities that may result in loss of user assets
-
Authentication or authorization bypass, such as:
- privilege escalation / unauthorized access
- session hijacking
-
High-risk server-side vulnerabilities, such as:
- Remote Code Execution (RCE)
- SQL Injection (SQLi)
- Sensitive information disclosure
- Business logic vulnerabilities that impact platform security, user funds, or critical workflows
Out of Scope (Not Eligible)
The following are not eligible under this program:
-
Attacks that rely on unreasonable user actions or user deception, including:
- social engineering
- phishing
- DDoS attacks or stress/load testing on the production environment
- Issues that are publicly disclosed already or duplicate reports previously submitted
- Vulnerabilities involving third-party services or assets not related to the Echobit platform
Reward Tiers
Rewards are determined by the vulnerability’s severity level:
- Critical
- High
- Medium
- Low
How to Submit a Report
Please submit vulnerability details via Echobit’s official security reporting email: marketing@echobit.com
To help us validate and handle your report efficiently, include:
- Clear step-by-step reproduction instructions
- The affected scope (systems, endpoints, pages, accounts, scenarios)
-
Necessary supporting materials, such as:
- screenshots
- logs (if applicable)
- PoC details (as appropriate)
After confirmation, our security team will contact you to discuss handling progress and reward arrangements.
Responsible Disclosure Policy
To protect users and the platform, all participants must follow responsible disclosure principles:
- Do not publicly disclose the vulnerability before it is fixed and you have received authorization
- Do not access, extract, or retain data beyond what is necessary to validate the vulnerability
- Do not modify or destroy user data or interfere with platform availability
- Do not use vulnerabilities for profit or harm other users’ interests
Important Notice
Malicious attacks, unauthorized data access, or asset theft are not protected under this program. Echobit reserves the right to pursue legal responsibility for any illegal or harmful actions.
Echobit Official Channels
Website: http://echobit.com/
Linktree: https://linktr.ee/Echobit_Exchange
Twitter: https://x.com/EchobitExchange
Telegram: https://t.me/EchobitOfficial
Facebook: https://www.facebook.com/EchobitOffical