As a software engineer, I recently had a negative experience with one of the world’s biggest cryptocurrency exchanges, Binance. On March 20th, I contacted Binance through Bugcrowd, submitting a bug report for a bug I discovered in Futures trading. I provided a step-by-step guide on how to reproduce the bug, as well as my best guess on what was going wrong and how to fix it.
The very next day, Binance got back to me and rejected my claim, stating that the issue wasn’t real and that everything was working fine. I was shocked, as I had attached a screenshot to provide proof of the bug.
Today, I’m sad and frustrated to find out that Binance implemented my solution without rewarding me through their bug bounty program. I had assumed that bigger companies would be more ethical and professional, but it turns out I was wrong.
I have been spending the past 10 hours speaking with chat support and trying to point out the issue and ask them to check the logs and come back to me with an answer. Unfortunately, the conversation has been going in circles, and the bug severity (a P3 bug, which is worth between $600 and $1500) has still not been addressed.
The bug is not about taking money from the platform, but rather avoiding liquidation when it gets triggered. Now that it is fixed, I think I’ll just let it go and move on. It’s disappointing that my efforts in reporting the bug were not rewarded, but I’m glad that the issue has been resolved and that no one else has to suffer the consequences of this bug.