Vulnerability Disclosure Program (VDP)

At Bitvavo, we are committed to ensuring the security of our information, systems, and services, and we value the role of security researchers in helping us mitigate cybersecurity risks. The purpose of this page (the ā€œVulnerability Disclosure Programā€) is to provide you with all the information you need if you have discovered or believe to have discovered a potential vulnerability in any of our services.

We are committed to ensuring our security is top tier and really appreciate the help of our community to achieve this. To make sure that any disclosures are made responsibly please ensure you follow the terms below:

  • All submissions should be made through the Intigriti platform, you will need to register on the platform by using the link at the bottom of this page.

  • The scope of testing is limited to systems, applications, and services explicitly listed in the Intigriti platform.Ā 

  • All rewards will be in the form of Intigriti reputation points and managed by Intigriti in accordance with their terms and conditions. More information can be found here - https://kb.intigriti.com/en/articles/3379630-leaderboard-reputation-and-streak.

  • We request that you refrain from sharing any details regarding a vulnerability with others until we indicate that it has been resolved and may be disclosed.

  • We request that you refrain from sharing any details regarding a vulnerability with others until we indicate that it has been resolved and may be disclosed. We reserve our right to take legal action if this is not followed.

  • If you do discover a vulnerability and come into possession of personal data about Bitvavo customers or employees you must ensure this is redacted as soon as you have made the disclosure through the form below.Ā 

  • None of the research you have undertaken when reporting a vulnerability should have been obtained by unlawful means.

We appreciate the efforts of the security community to help us protect our platform and our customers. Thank you for contributing responsibly to Bitvavoā€™s security.

Bitvavo reserves the right to modify or terminate this policy at any time.

Frequently asked questions

Kindly refer to the Out-of-Scope section detailed in our Intigriti program.

Once validated by Intigriti you will receive Intigriti reputation points as mentioned on this page: https://kb.intigriti.com/en/articles/3379630-leaderboard-reputation-and-streak

Duplicate or previously known vulnerabilities will not be eligible for reward.

We ask that any details remain confidential to best protect our community. This is in line with Intigritiā€™s Researcher Terms and Conditions - https://kb.intigriti.com/en/articles/5466165-researcher-terms-conditions. If you have any further questions on this please contact Intigriti at [email protected]

Submit vulnerability report

Submit vulnerability

Bitvavo B.V.

[email protected]

HomeLearnNewsSupportComplaintsSecurityAffiliatesInstitutionalAbout UsCareersCountriesPress

LoginSign UpAssetsFeesPricing PolicyStatusNetworksPro ModeAPI DocsTrading Rules

Buy BitcoinBitcoin PriceBuy EthereumEthereum PriceBuy XRPXRP PriceBuy CardanoCardano Price

User AgreementPrivacy NoticeCookie StatementCookie SettingsRisk DisclosureImprintDeveloper AgreementTrading RulesConflict of Interest DisclosureAccessibility StatementVulnerability Disclosure

Bitvavo B.V.

Trading digital assets involves significant risks. Digital assets are highly volatile and you may lose some or all of your investment. The information on this page does not constitute advice, and should not be relied upon as such. Bitvavo is authorized as a crypto-asset service provider under Regulation (EU) 2023/1114 (MiCA) by the Autoriteit Financiƫle Markten (AFM), Vijzelgracht 50, 1017 HS Amsterdam. More info can be found in our Risk Disclosure.

Bitvavo is registered at the Dutch Chamber of Commerce, number 68743424.