The Tonkeeper bug bounty initiative is significant for the TON community, as wallets are crucial entry points for users handling assets like Toncoin and USDT. By openly inviting ethical hackers and researchers to participate, Tonkeeper demonstrates a proactive approach to risk mitigation in the fast-evolving TON ecosystem. The program encourages responsible disclosure, safeguards user assets, and helps maintain trust within the community as TON-based applications and integrations grow in complexity. For both users and builders, following the outcomes of such security initiatives is essential, as they set the bar for responsible development and ongoing ecosystem resilience.
What Is the Tonkeeper Bug Bounty Program?
Under the program’s terms, users who discover vulnerabilities can submit their findings directly to Tonkeeper by email, providing details about the issue. Eligible vulnerabilities are those that affect Tonkeeper’s products and services—the scope does not extend to third-party integrations. The reward for a valid submission, referred to as a “bounty,” is determined entirely at Tonkeeper’s discretion based on the issue’s type, its severity, and the quality of the report. Notably, Tonkeeper reserves the right to revise the program terms or discontinue the bounty offering at any time, making the reward process and program status subject to ongoing change.
Participation requires meeting strict eligibility criteria, including jurisdictional compliance and restrictions against recent or current employees and contractors. If minors wish to participate, parental consent and supervision are mandatory. Researchers are expected to act responsibly and avoid causing harm to users, data, or infrastructure, and are prohibited from publicly disclosing vulnerabilities before Tonkeeper authorizes it. For security researchers and developers, carefully reviewing Tonkeeper’s requirements and program boundaries is critical, both for maintaining ethics and for maximizing the impact of any submissions. As the program evolves, those interested should watch for changes in scope, reward categories, and reporting procedures published directly by Tonkeeper.
Eligibility and Participation Requirements
For developers building Telegram Mini Apps, wallet integrations, or DeFi tools, the boundaries set by Tonkeeper’s program are particularly relevant. The program excludes vulnerabilities discovered in third-party services even if they are embedded in Tonkeeper, meaning reports must focus on core Tonkeeper features such as swaps, staking, dApps browsing, and wallet security. For DeFi participants and ecosystem observers, this provides clear guidance on where security research should be directed and helps define responsibility lines in the event of a discovered issue.
The requirement for responsible disclosure also upholds user trust and network health. Any vulnerabilities must be reported directly and not revealed publicly or exploited, reflecting industry norms that place user security above headlines or personal recognition. For users and builders alike, this approach signals a robust security-first culture, while also inviting constructive scrutiny and collaboration. As the Tonkeeper ecosystem expands, especially with new dApps and financial instruments like xStocks, program participants must keep current with changing terms—Tonkeeper may adjust or cancel the bounty at any time, impacting ongoing or future submissions. It is essential to review the current program rules before submitting a report, ensuring contributions are recognized and rewarded.
How to Submit Vulnerabilities to Tonkeeper
It’s also important to note that the entire program remains at Tonkeeper’s discretion: Tonkeeper reserves the right to modify, suspend, or cancel the bug bounty at any time, and its decisions regarding eligibility and rewards are final. The process for evaluating and rewarding valid reports is not fully public, and issues already known to Tonkeeper or previously submitted will not receive rewards. Researchers should regularly check for updates to the program and watch for changes in scope or terms. As Tonkeeper evolves, builders and users alike should be attentive to new security guidelines and emerging vulnerabilities that may arise with feature rollouts or ecosystem expansions.
For users and builders, staying informed about updates to the bug bounty program will be important as Tonkeeper may adjust terms or scope in response to new security challenges and ecosystem developments. Keeping watch on these changes will help the community maintain wallet integrity and contribute to ongoing product improvement.
