Update: As of June 3rd, 2024, the Delphi Bug Bounty is currently only paying out for P1 issues. All others will be ignored.
Delphi’s goal is to deliver institutional-grade research dedicated to the emerging frontier of crypto and digital assets to our members around the world.
It is the engineering team’s job to keep our members, partners, and employees secure. We have been engaging with the security community to achieve this goal through programs like responsible disclosure and private bug bounty.
Delphi wishes to incentivize broad, information-rich vulnerability submissions. Please note that Delphi only issues a reward if we pursue a change based on your submission.
While rewards given are solely at the discretion of Delphi, general reward ranges exist based on the severity of a vulnerability. Bugcrowd’s Vulnerability Rating Taxonomy is used for severity classification. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood, impact, or mitigating control in place. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the submitter.
| Technical Severity | Approximate Reward Range |
| P1 | $250 |
| P2 | $0 |
| P3 | $0 |
If you would like to submit a vulnerability, please reach out to [email protected]. We require the submission to include detailed information with steps for us to reproduce the vulnerability.
By reporting the vulnerability, you agree not to disclose the vulnerability to a third party without Delphi’s written permission.
To remain compliant with this program, you are prohibited from:
Exclusions: