Bug Bounty Program

Help us maintain the highest security standards

Overview

Hentaxis is committed to ensuring the security of our hardware wallets and protecting our users' digital assets. We welcome security researchers and ethical hackers to help us identify and fix potential security vulnerabilities. This Bug Bounty Program outlines how to report security issues and the rewards available for valid submissions.

Program Scope

The following are in scope for our bug bounty program:

  • Hentaxis hardware wallet firmware
  • Cryptographic implementation flaws
  • Hardware security vulnerabilities
  • Secure element bypass methods
  • PIN protection weaknesses
  • Recovery seed generation issues
  • Transaction signing vulnerabilities
  • Physical attack vectors
  • Side-channel attack possibilities
  • Our website and web infrastructure

Out of Scope

The following are not eligible for rewards:

  • Social engineering attacks
  • Denial of Service (DoS) attacks
  • Physical theft of devices
  • Issues requiring physical access to a locked device
  • Attacks requiring the user's recovery seed or PIN
  • Known vulnerabilities already reported
  • Issues in third-party software or libraries
  • Vulnerabilities affecting outdated firmware versions

Reward Structure

Rewards are determined based on the severity and impact of the vulnerability:

Critical - $10,000 to $50,000

Vulnerabilities that could lead to complete compromise of private keys, bypass of all security measures, or massive loss of user funds.

High - $5,000 to $10,000

Serious security flaws that could result in unauthorized access to private keys or significant security degradation.

Medium - $1,000 to $5,000

Moderate vulnerabilities that could compromise security under specific circumstances.

Low - $100 to $1,000

Minor security issues with limited impact or requiring unlikely attack scenarios.

How to Report

To report a security vulnerability, please email us at:

Security Email: security@hentaxis.com

PGP Key available upon request for encrypted communications

Your report should include:

  • Detailed description of the vulnerability
  • Steps to reproduce the issue
  • Proof of concept (if applicable)
  • Potential impact and severity assessment
  • Suggested remediation (optional)
  • Your contact information for follow-up

Responsible Disclosure Policy

We ask that you:

  • Do not publicly disclose the vulnerability until we have addressed it
  • Allow us reasonable time to fix the issue before disclosure
  • Do not exploit the vulnerability beyond what is necessary to demonstrate it
  • Do not access, modify, or delete user data
  • Act in good faith and avoid privacy violations

We commit to acknowledging your report within 48 hours and providing regular updates on our progress.

Legal Protection

Hentaxis will not pursue legal action against security researchers who:

  • Follow this responsible disclosure policy
  • Report vulnerabilities in good faith
  • Do not cause harm to our systems or users
  • Comply with all applicable laws

Recognition

With your permission, we will publicly acknowledge researchers who report valid vulnerabilities in our security hall of fame. You may choose to remain anonymous if preferred.

Thank You

We appreciate the security community's efforts in helping us maintain the highest standards of security. Your contributions help protect the digital assets of Hentaxis users worldwide. Thank you for making the cryptocurrency ecosystem more secure.