OKEx Introduces Security Response Center, a Bug Bounty System to Enhance Digital Asset Trading Security

OKEx, a Malta-based world-leading digital asset exchange, introduced a vulnerability reporting tool and reward scheme, OKEx Security Response Center, designed to collect, process, and fix any security vulnerability found on OKEx’s digital platforms in order to optimize users’ security for digital asset trading.

OKEx Security Response Center enables users to notify OKEx of any vulnerabilities found on OKEx’s website, app, and any other platforms of OKEx. When the vulnerabilities are reported, OKEx’s dedicated security team will take immediate actions to follow up with the security reports and inform users the results in time. As a recognition of the contribution, users will receive digital asset rewards for all valid reports based on their risk levels.

Vulnerabilities are classified into four types which are Web Platform Security Vulnerabilities, Mobile Client Vulnerabilities, API Security Vulnerabilities, and Token Smart Contract Vulnerabilities, and also into four risk, namely serious, high, medium, and low.

When submitting the report, users are required to provide sufficient information for the security team to investigate. Once the vulnerability report is confirmed as valid, OKEx customer support team will follow up with the user for details in order to fix the loophole. After the remedy work is complete, the reward will be delivered to the user’s OKEx wallet within 2 working days. Each time, a maximum of three vulnerabilities can be reported. Users can report again after the submission is accepted or rejected.

Andy Cheung, OKEx’s Head of Operations, said, “As security is one of the most important pillars we strive to enhance, this initiative not only benefits the platform, but in a deeper meaning, it will improve the whole ecosystem bit by bit. We encourage users to join hands with us and help to keep OKEx as one of the most secure places for digital assets.”

How are risks classified and what reward will be given?

1. Serious Risks
   Loopholes in our core business systems that may endanger the security of users’ assets and data.
   Reward: 8 – 10 ETH
2. High Risks
   Unauthorized operation, serious SQL injection, loopholes that could cause large-scale impact to users, source code leakage, etc.
   Reward: 5 – 7 ETH
3. Medium Risks
   Loopholes that could affect some users, alteration of user data, etc.
   Reward: 2 – 4 ETH
4. Low Risks
   Regular CSRF, SMS bombs, normal data leakage, etc.
   Reward: 0 – 1 ETH

For detailed risk classification and definitions, please refer to:
https://www.okex.com/securityRules