No technology is perfect. We believe collaborating with skilled security researchers across the globe is crucial to identifying weaknesses in any technology.
If you believe you have found a security issue in MoonPay, we encourage you to notify us. We welcome working with you to resolve issues promptly.
Please submit your finding through our HackerOne disclosure program as soon as possible after discovering a potential security issue.
- Submit a report via HackerOne.
- Once we assess your report, a member of our team will help triage the vulnerability.
- Once a fix is ready, we will include it in an upcoming release.
When testing, please make a good faith effort to avoid:
- privacy violations
- data destruction
- service interruption or degradation
Only interact with accounts you own or accounts for which you have explicit permission from the account holder.
While researching, please follow the defined program scope. Failure to do so may result in rejection of the submission.
The following are out of scope:
- Denial of service (DoS)
- Spamming
- Social engineering (including phishing) of MoonPay staff or contractors
Any activities conducted in a manner consistent with this policy are considered authorized conduct, and we will not initiate legal action against you.
Thank you for helping keep MoonPay and our users safe.