Vulnerability Disclosure Program (VDP)

At Bitvavo, we are committed to ensuring the security of our information, systems, and services, and we value the role of security researchers in helping us mitigate cybersecurity risks. The purpose of this page (the “Vulnerability Disclosure Program”) is to provide you with all the information you need if you have discovered or believe to have discovered a potential vulnerability in any of our services.

We are committed to ensuring our security is top tier and really appreciate the help of our community to achieve this. To make sure that any disclosures are made responsibly please ensure you follow the terms below:

  • All submissions should be made through the Intigriti platform, you will need to register on the platform by using the link at the bottom of this page.

  • The scope of testing is limited to systems, applications, and services explicitly listed in the Intigriti platform. 

  • All rewards will be in the form of Intigriti reputation points and managed by Intigriti in accordance with their terms and conditions. More information can be found here - https://kb.intigriti.com/en/articles/3379630-leaderboard-reputation-and-streak.

  • We request that you refrain from sharing any details regarding a vulnerability with others until we indicate that it has been resolved and may be disclosed.

  • We request that you refrain from sharing any details regarding a vulnerability with others until we indicate that it has been resolved and may be disclosed. We reserve our right to take legal action if this is not followed.

  • If you do discover a vulnerability and come into possession of personal data about Bitvavo customers or employees you must ensure this is redacted as soon as you have made the disclosure through the form below. 

  • None of the research you have undertaken when reporting a vulnerability should have been obtained by unlawful means.

We appreciate the efforts of the security community to help us protect our platform and our customers. Thank you for contributing responsibly to Bitvavo’s security.

Bitvavo reserves the right to modify or terminate this policy at any time.

Frequently asked questions

Kindly refer to the Out-of-Scope section detailed in our Intigriti program.

Once validated by Intigriti you will receive Intigriti reputation points as mentioned on this page: https://kb.intigriti.com/en/articles/3379630-leaderboard-reputation-and-streak

Duplicate or previously known vulnerabilities will not be eligible for reward.

We ask that any details remain confidential to best protect our community. This is in line with Intigriti’s Researcher Terms and Conditions - https://kb.intigriti.com/en/articles/5466165-researcher-terms-conditions. If you have any further questions on this please contact Intigriti at [email protected]

Submit vulnerability report

Submit vulnerability

Bitvavo B.V.

[email protected]

HomeLearnNewsSupportKlachtenVeiligheidAffiliatesInstitutionalOver onsVacaturesLandenPers

InloggenAanmeldenMarktenKostenPrijsbeleidStatusNetwerkenPro ModeAPI DocsHandelsregels

Bitcoin kopenBitcoin koersEthereum kopenEthereum koersXRP kopenXRP koersCardano kopenCardano koers

GebruikersovereenkomstPrivacyverklaringCookieverklaringCookie instellingenRisk disclosureImpressumDeveloper overeenkomstHandelsregelsBelangenconflictenToegankelijkheidsverklaringVulnerability Disclosure

Bitvavo B.V.

Het handelen in digitale assets brengt aanzienlijke risico’s met zich mee. Digitale assets zijn zeer volatiel en het is mogelijk om (een deel van) de inleg te verliezen. De informatie op deze pagina vormt geen advies en mag niet als zodanig worden opgevat. Aan Bitvavo B.V. is een vergunning verleend als aanbieder van cryptoactivadiensten op grond van Verordening (EU) 2023/1114 (MiCA) door de Autoriteit Financiële Markten (AFM), Vijzelgracht 50, 1017 HS Amsterdam. Beijk onze Risk Disclosure voor meer informatie.

Bitvavo is geregistreerd bij de Nederlandse Kamer van Koophandel onder nummer 68743424.