OKEx Introduces Bug Bounty System to Enhance Digital Asset Trading Security
This Tuesday, October 27, OKEx, a Malta-based digital asset exchange announced it had just introduced a new feature – OKEx Security Response Center, which enables the use of a vulnerability reporting tool and reward scheme.
The purpose of the new feature
The newly introduced feature is said to optimize users’ security for digital asset trading by collecting, processing, and fixing any security vulnerability found on OKEx’s digital platforms.
OKEx is an industry-leading digital asset exchange that offers digital assets trading services involving futures trading, token trading, and index tracker to global traders using the blockchain technology. OKEx currently has more than 400 token and futures trading pairs and several tools that help users optimize their strategies and improve their tactics. The platform operates in more than 100 countries and serves millions of users while providing them with a safe, reliable, and stable environment for digital asset trading.
The exchange Security Response Center introduces a new method of notifying users of the vulnerabilities found in the market. It enables OKEx to rapidly identify any vulnerabilities found on the company’s website, app, and any other of it platforms. With this, OKEx will enable an extra layer of protection to the users.
Andy Cheung, OKEx’s Head of Operations, stated on the press release:
“As security is one of the most important pillars we strive to enhance, this initiative not only benefits the platform but in a deeper meaning, it will improve the whole ecosystem bit by bit. We encourage users to join hands with us and help to keep OKEx as one of the most secure places for digital assets.”
OKEx already has some established procedures; if vulnerabilities are detected, the platform’s dedicated security team is prepared to take immediate actions as well as it sends security reports to keep the users informed. All the users will be able to participate and as recognition by their contribution, users will be rewarded with digital assets if the issues reported are valid and according to their risk levels.
Vulnerability Classification
According to the OKEx press release, vulnerabilities are classified into four types and four Levels of security:
- Web Platform Security Vulnerabilities
- Mobile Client Vulnerabilities
- API Security Vulnerabilities
- Token Smart Contract Vulnerabilities
Vulnerabilities also fall into four risk categories which are Serious, High, Medium and Low.
Risks classification and Reward scheme
1. Serious Risks
Loopholes in our core business systems that may endanger the security of users’ assets and data.
Reward: 8 – 10 ETH
2. High Risks
The unauthorized operation, serious SQL injection, loopholes that could cause a large-scale impact on users, source code leakage, etc.
Reward: 5 – 7 ETH
3. Medium Risks
Loopholes that could affect some users, alteration of user data, etc.
Reward: 2 – 4 ETH
4. Low Risks
Regular CSRF, SMS bombs, normal data leakage, etc.
Reward: 0 – 1 ETH
Submitting vulnerability reports
To submit reports, users will have to follow specific guidelines and are required to provide enough information to further help the security team with the investigations. After the report is delivered, the security team will analyze the issue and once it is taken as a valid vulnerability, OKEx follows up with the user and ask for more details in order to patch the bug. After the work is done, the user who made the report will receive his reward in his OKEx wallet in about two business days. Users can only file three vulnerabilities each time in one report. After their submission been examined and accepted or rejected users can submit a new report.
With the new Security Response Center feature, OKEx plans to enhance the platform security by allowing and rewarding its users to participate in the vulnerability hunt.
