Security
Bug Bounty
We pay for valid reports that help us keep PayNexor safe for everyone.
PayNexor runs a simple bug bounty program. If you find a security or reliability issue that affects our platform, we will pay you for a valid report. Rewards are based on how serious the bug is and how many users it could affect — not on how long your write-up is.
We care most about issues that could put user accounts, funds, or trading activity at risk. That includes authentication bypasses, unauthorized access to other users' data, API key exposure, order or balance manipulation, and similar high-impact problems. Lower-severity bugs — UI glitches, typos, or cosmetic issues — may still be appreciated, but they are not eligible for a cash reward.
Reward amounts are not fixed. We evaluate each report on its own merits: severity, exploitability, scope, and the number of users who could be affected. As our user base grows, payouts for serious findings may increase accordingly. We reserve the right to determine eligibility and payout at our discretion.
To submit a report, use our official Contact page or in-platform support channel. Include a clear description of the issue, steps to reproduce it, and the impact you believe it has. Do not publicly disclose the vulnerability before we have had a reasonable chance to fix it.
Please test only against accounts and systems you own or have explicit permission to test. Do not access other users' data, disrupt live trading, or perform destructive actions. Good-faith researchers who follow these rules will be treated fairly.