Paxos is committing $1,000,000 to attract the world's best security researchers to stress-test its infrastructure. We are excited to make that a reality by launching the Paxos Bug Bounty Program right here on Cantina. Paxos recently secured an OCC national trust charter and now manages over $8 billion in issued tokens. For an institution operating at that scale and regulatory standard, uncompromising security isn't optional.
Paxos distinguishes itself by taking these requirements to the next level, leading the industry in asset protection and engineering excellence. Paxos maintains rigorous programs across design and code reviews, third-party audits, penetration testing, and red teaming. This bug bounty is the next layer.
The bug bounty program creates an environment that rewards researchers who may identify edge cases. This program highlights Paxos's dedication to security and delivers on the commitment it made to Aave, LlamaRisk, and the broader community when USDG launched on Aave v3.
A $1,000,000 Commitment to Security Innovation
Paxos has set the top bounty at $1,000,000, payable in Paxos-issued stablecoins. If a researcher uncovers something high-impact and critical to the security of their infrastructure, the responsible disclosure is worth a substantial reward.
A Comprehensive Scope
The program covers both Web2 and Web3 targets.
- Web3 Scope: All major asset smart contracts are in scope, along with the underlying infrastructure that powers cross-chain movements.
- Web2 Scope: This includes Paxos's public products and services, APIs, and domains.
Getting Involved
During the initial rollout phase (the first few months), we're launching with an invite-only cohort of Cantina's top researchers before opening to the broader community.
As Eric, Paxos's Chief Information Security Officer, noted: “We chose Cantina for their web3-native focus and a researcher community with the niche expertise to assess our contracts and services holistically, with context for our unique threat surface.”
We are committed to honoring that trust. Our promise is to provide the security talent and innovative triage necessary to continuously pressure-test and validate their architecture.
Security researchers interested in joining or in responsibly disclosing findings can request access through the program page.