Hello friends,
I am an ethical hacker. I found vulnerabilities on Coinone. I sent a report 2 months ago for the first vulnerability.
Response of Coinone (2 month ago);
Thank you for the contact. We have an internal bug bounty program, well review your bug and arrange price. We have a rule for the price depending on the impact. Please send us your report.
Response of Coinone (1 month ago);
We have checking your mail with our own team and security partner.
So we need meeting our council and reward program.
Passed to a month... I wrote it 3 times for remind. Coinone doesn't answer, haven't fixed off vulnerability and they didn't send me a bug bounty.
So, I didn't tell them the second vulnerability(SQLi).
Your memberships aren't safe!