LeverEX Bug Bounty Program

From ~$25 for participation to ~$1250 for security bugs

Denis Gorbachev
2 min readAug 6, 2018


LeverEX exchange is launching a bug bounty program for talented developers and white-hat hackers:

  • You get 1000 LEX tokens (~$25) for participation (free).
  • You get 3000 LEX tokens (~$75) for each regular bug.
  • You get 10000 LEX tokens (~$250) for each critical bug.
  • You get 50000 LEX tokens (~$1250) for each security bug.
  • You don’t need to deposit real money to start trading.

How to participate

  1. Join our Telegram group: “LeverEX Official”.
  2. Request API access from Denis Gorbachev.
  3. Start trading with Cryptozaur.
  4. Found a bug? Send reproduction steps to Telegram group (so that everyone knows you found it first).

How to trade

You can trade using ETH_D and BTC_D demo balances (no need to deposit real funds).

To execute trades, you have two options:

./cryptozaur add.account leverex [your_key] [your_secret]./cryptozaur show.balances leverex./cryptozaur buy leverex ETH_D:BTC_D 0.07 1.0./cryptozaur sell leverex ETH_D:BTC_D 0.08 2.0./cryptozaur show.orders leverex./cryptozaur cancel leverex ETH_D:BTC_D 1217


How do I claim a bonus for participation (1000 LEX tokens)?

  1. Reach 1 BTC_D trading volume on your orders.
  2. Send a message to Denis Gorbachev.

Only first 25 developers are eligible for bonus.

What is the scope of bug bounty program?

The bug bounty program covers all API endpoints:

  • REST API is covered.
  • WebSocket API is covered (we’ll publish the docs soon).
  • User interface is not covered (we’re still working on it).

How do you classify the bugs?

  • A security bug is a bug that allows to execute actions from a different account or manipulate balances directly.
  • A critical bug is a bug that breaks database consistency (e.g. filling a buy order without filling a sell order).
  • A regular bug is any other bug (e.g. trade doesn’t show up in API).

If you believe your bug qualifies for a higher grade, feel free to mention that in bug report.

Ready to break our system? Join the Telegram group & request API access!