Circle Bug Bounty.
Find a vulnerability, get paid. Up to $1M for critical issues in the USDC contracts or core infrastructure.
Find it, report it, get rewarded.
Circle's bug bounty invites security researchers to probe the systems that secure billions in value. The scope covers USDC contracts, CCTP, Circle APIs, Wallets, and the Console — and critical findings earn up to $1M.
The program runs on HackerOne with coordinated disclosure, clear severity tiers, and a public hall of fame recognizing the researchers who keep the ecosystem safe.
- Up to $1M for critical, funds-at-risk findings
- Scope: USDC contracts, CCTP, APIs, Wallets, Console
- Managed on HackerOne with coordinated disclosure
Up to $1M
For critical issues that put customer funds at risk.
Scope
USDC contracts, CCTP, Circle APIs, Wallets, and Console.
On HackerOne
Coordinated disclosure managed via HackerOne.
Public hall of fame
Recognition for top researchers.
Questions worth asking.
Build with Circle.
Start in the sandbox, ship to production in days. Or talk to our team about a deeper partnership.