1. Home
  2. Bug Bounty Programs
  3. EXNESS
HackerOne · Bug Bounty

EXNESS Bug Bounty Program

Complete guide to EXNESS's bug bounty program on HackerOne. View in-scope assets, reward amounts, response times, and tips for finding vulnerabilities.

Program Overview

EXNESS runs a bug bounty program on HackerOne. The program has 14 in-scope assets.

14
In-Scope Assets
22h
Avg Response
92%
Efficiency
17d
Avg Bounty Time
466d
Avg Resolve

In-Scope Assets

AssetTypeMax SeverityEligible
Any subdomain application issueOTHERCriticalNo Bounty
Any subdomain infrastructure issueOTHERCriticalNo Bounty
Exness InvestorAPPLE_STORE_APP_IDCriticalBounty
Exness Trade: Online TradingAPPLE_STORE_APP_IDCriticalBounty
External service data leakage OTHERCriticalNo Bounty
api.excalls.mobiURLCriticalBounty
com.exness.android.paGOOGLE_PLAY_APP_IDCriticalBounty
exness.comURLMediumBounty
exnessaffiliates.comURLCriticalBounty
https://my.exness.com/pa/pim/managerURLHighBounty
https://my.exness.com/webtrading/URLCriticalBounty
my.exness.comURLCriticalBounty
pay.ibex.exchangeURLCriticalBounty
pwapi.ex2b.comURLCriticalBounty

Tips for Hacking EXNESS

  1. Read the policy — Understand what's in scope, out of scope, and any specific testing restrictions before you start.
  2. Enumerate the attack surface — Use subdomain enumeration and directory bruteforcing to map all accessible endpoints.
  3. Focus on high-impact bugs — Look for SQL injection, SSRF, and IDOR vulnerabilities first.
  4. Test authentication flows — Check for OAuth misconfigurations and CSRF in login/signup flows.
  5. Write clear reports — Include steps to reproduce, impact assessment, and suggested remediation. Use Burp Suite to capture evidence.

Frequently Asked Questions

How do I start hacking EXNESS?

Sign up on HackerOne, read the program policy carefully, review the in-scope assets listed above, and start testing. Always stay within scope and follow responsible disclosure guidelines.

Does EXNESS pay bounties?

Yes, EXNESS offers monetary rewards for valid security vulnerabilities.

What types of vulnerabilities does EXNESS accept?

EXNESS accepts reports for vulnerabilities found in their 14 in-scope assets. Common accepted vulnerability types include XSS, SQL injection, SSRF, IDOR, authentication bypass, and RCE. Check the program policy for specific exclusions.

Similar Programs on HackerOne

Wells Fargo Bounty

HackerOne · Bug Bounty · 14 assets

Lark Technologies

HackerOne · Bug Bounty · 18 assets

Stripe

HackerOne · Bug Bounty · 47 assets