Responsible Disclosure of Security Vulnerabilities

We want Coindrawer to be as secure as possible. If you believe that you have found a bug or vulnerability on Coindrawer, we appreciate your help in disclosing it to us as quickly as possible.


While we appreciate being notified of all bugs, disclosing these bugs publicly can jeopardize the security of Coindrawer and put all users at risk. If you discover a bug or security issue, please email us at Please include all relevant information, including the steps to reproduce the bug as well as the description of the bug.

To adhere to our responsible disclosure policy, please give us a reasonable amount of time to respond to your report and address the bug before disclosing it publicly. Please act in good faith with regard to our users' data and privacy.


We have no minimum or maximum reward. The reward is determined based upon the severity of the bug discovered. Rewards are paid in BTC to the email address of a Coindrawer account holder.


To qualify, you must:

  • Report a new bug that has not been previously identified
  • Comply with our responsible disclosure policy
  • Report a bug that has the potential to compromise user data or cause financial loss, such as:
    • Cross-Site Request Forgery (XSRF)
    • Cross-Site Scripting (XSS)
    • Privilege Escalation
  • Not interact with any other accounts without the express permission of the account's owner
Coindrawer reserves the right to determine if a bug report qualifies for a bounty and will not participate in eligibility negotiations. Please respect this.


Thank you to the following people who have helped keep Coindrawer safe: