Ripple Bug Bounty Programs
Ripple is committed to maintaining our customers’ security and privacy and the data they entrust to us. As part of this commitment, we have a bug bounty program to identify and address security vulnerabilities in our software and systems.
We have multiple programs managed in partnership with Bugcrowd and they all operate as a private program. Participation is by invitation only.
If you would like to be considered, please email us on bugs@ripple.com with following information:
- Your Bugcrowd handle or the email address associated with your Bugcrowd account.
- The programs you would like to join i.e.,
| # | Program Name | Description | Expertise Required |
|---|---|---|---|
| 1 | Ripple Bug Bounty Program | External assets and Ripple Payment Products | API, Web |
| 2 | Ripple XRP Ledger Managed Bug Bounty Program | XRP Ledger (xrpld, Clio, xrpl.js, xrpl-py, xrpl4j) | Blockchain, Web3 |
| 3 | RLUSD (Stablecoin) Contracts Bug Bounty Program | RLUSD contracts | Blockchain, Web3 |
| 4 | XRPL EVM Side chain Managed Bug Bounty | XRPL EVM Sidechain | lockchain, Web3 |
Once you are invited to the program, please review the rules of engagement and policies carefully.
We appreciate your continued support and dedication to helping strengthen the security of our platform. If you would like to learn more about our Bug Bounty programs, you can read more at https://ripple.com/legal/bug-bounty/
Legal
We will treat with the strictest of confidence any reports of security vulnerabilities made to us by security researchers under the bug bounty program. However, we reserve the right to take legal action against anyone who abuses the program or engages in any illegal activity.