Bug Bounty Program

Security first. And it is rewarded.

The security of the Hive OS system is one of our main goals. Help us with it, find vulnerabilities — and get rewarded.

How does the program work?

Remuneration is possible in case the following rules are observed:

  1. You must be the first user to submit a vulnerability report.
  2. The detected vulnerability must fall into one of the categories described below.
  3. You must provide a description of the steps required to reproduce the vulnerability.
  4. You agree to maintain the confidentiality of your communication with the Hive OS team — this means that you should not send reports or evidence to other users or companies.
  5. The in-scope domains (not including sub-domains) are as follows: hiveos.farm, the.hiveos.farm, hiveon.net.

The list of vulnerabilities

The detected vulnerability must fall into one of the following categories:

  • Cross-site request forgery that has serious security impact
  • Cross-site scripting (excluding Self-XSS)
  • Server side request forgery
  • Cross origin resource sharing that has serious security impact
  • Open Redirect that has serious security impact
  • SQL injection
  • Privilege escalation
  • Directory traversal
  • Payment manipulation
  • Remote code execution
  • Local file inclusion
  • Remote file inclusion
  • Leakage of sensitive data
  • Authentication bypass

What is the amount of the reward?

  • The reward amount is $10-$20. Threshold values ​​are not subject to negotiation or change.
  • We pay much more ($500+) for the following vulnerabilities: leakage of sensitive data, payment manipulation, authentication bypass, SQL injection.
  • One confirmed vulnerability equals one reward.


  • You must not violate the privacy of other users, destroy any data, or disrupt the operation of our services.
  • To search for vulnerabilities, you should use only your personal Hive OS account. The use of other users' accounts is prohibited.
  • Do not try to affect our physical security measures, do not use spam, social engineering, DDOS attacks, or other techniques.
  • If you find a vulnerability that allows access to the system, you should notify us immediately — do not continue to investigate the vulnerability yourself.
  • Exploiting the vulnerability for your own benefit cancels your participation in the program — in this case, no remuneration will be paid.

Your attentiveness can earn you a reward and help make Hive OS even more secure. If you find a vulnerability, please email us at [email protected]. Let’s improve Hive OS together!