Skip to content
The Nexus
SECURITYApr 25 · 17:49 UTCR/DEFI/u/jalia_

Warning: Deribit silently patches critical security flaws and ghosts the researchers. Can we trust an exchange that hides its vulnerabilities?

A security researcher reported critical vulnerabilities to Deribit through its bug bounty program, but the exchange silently patched the issues and ignored the researcher for 70+ days, refusing to communicate or pay. Deribit's 'unmanaged' HackerOne program status prevents forced resolution, raising concerns about transparency and trust in its security practices.

Nexus surfaces and summarizes. The full story lives at the source.

Mentioned
Spot something wrong with this article?Report a problem →
Forward this