Delphi Bug Bounty


Update: As of June 3rd, 2024, the Delphi Bug Bounty is currently only paying out for P1 issues. All others will be ignored.


Delphi’s goal is to deliver institutional-grade research dedicated to the emerging frontier of crypto and digital assets to our members around the world.

It is the engineering team’s job to keep our members, partners, and employees secure. We have been engaging with the security community to achieve this goal through programs like responsible disclosure and private bug bounty.

Delphi wishes to incentivize broad, information-rich vulnerability submissions. Please note that Delphi only issues a reward if we pursue a change based on your submission.

While rewards given are solely at the discretion of Delphi, general reward ranges exist based on the severity of a vulnerability. Bugcrowd’s Vulnerability Rating Taxonomy is used for severity classification. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood, impact, or mitigating control in place. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the submitter.

Technical Severity Approximate Reward Range
P1 $250
P2 $0
P3 $0

If you would like to submit a vulnerability, please reach out to [email protected]. We require the submission to include detailed information with steps for us to reproduce the vulnerability.

By reporting the vulnerability, you agree not to disclose the vulnerability to a third party without Delphi’s written permission.

To remain compliant with this program, you are prohibited from:

  • Making more than 5 requests per second to the site
  • Accessing, downloading, or modifying data residing in an account that does not belong to you
  • Executing or attempting to execute any Denial of Service attack
  • Posting, transmitting, uploading, linking to, sending, or storing any malicious software
  • Testing in a manner that would result in the sending unsolicited or unauthorized junk mail, spam, pyramid schemes, or other forms of unsolicited messages
  • Testing in a manner that would degrade the operation of any Delphi systems or compromise the privacy and security of our customers.


  • Bounties will not be paid for submissions related to the domain