Robinhood Updates Security Bug Bounty Program

The new program will offer $50,000 rewards

Karthik Rangarajan
Robinhood
Aug 21, 2018

Robinhood’s security team loves getting bug reports. Not enough to introduce bugs on purpose, but enough to give our HackerOne bug bounty program some much-needed love. Our bug bounty is one way to keep Robinhood at the leading edge of the information security industry, and to help keep our systems secure for our customers.

Today, we’re updating and increasing our reward amounts, as well as clarifying the scope of the program and the eligibility requirements.

In the past, we weren’t always clear about the types of reports we were looking for, or how we’d reward researchers for filing those reports — so we’re launching a new program with bounty ranges for specific types of vulnerabilities (or “bugs”). We want to make Robinhood a tantalizing target for researchers, and it’s important that, as a researcher, you know your time won’t be wasted finding potential bugs in our software.

Below is the table we’ll be using to determine bounties. It’s important to note that eligible vulnerabilities and rewards may change over time, and that eligibility of a bug is ultimately determined at the sole discretion of the Robinhood security team. We may also reward researchers for finding bugs that don’t fit in one of the predefined categories.

You can find all of these details, and anything else you should know before you start testing, on our HackerOne page.

Happy hunting!

Karthik Rangarajan
Robinhood

Security Lead @robinhoodapp. Tweets are my own, and are no reflection of employer's opinion.