Bug Bounty Program

Report security vulnerabilities and earn rewards. Gem Wallet's bug bounty program rewards researchers for finding vulnerabilities that may result in loss of user funds, secret phrase exposure, or privacy breaches.

In Scope
  • Private key extraction or exposure
  • Key generation weaknesses (RNG, WalletCore, keystore)
  • Seed import/export vulnerabilities (clipboard, encryption)
  • Derivation path manipulation (BIP32/44/49/84)
  • Transaction signing flaws (domain separation, deterministic signing)
  • Authentication bypasses (biometric, PIN)
  • Storage encryption weaknesses
  • Memory leaks exposing sensitive data
  • Any vulnerability leading to loss of funds, secret phrase exposure, or privacy breaches
Out of Scope
  • Social engineering or phishing
  • Denial of Service attacks
  • Physical device theft
  • Third-party blockchain node issues
  • Root/jailbreak required exploits
  • Network-level attacks (MitM on public WiFi)
  • Blockchain protocol vulnerabilities

We respond to security reports within 24-48 hours.

[email protected]