New Scam YourCryptoPal: My Experience Reporting a Security Vulnerability to YourCryptoPal

 

As someone deeply invested in cybersecurity, I recently discovered a serious security vulnerability in YourCryptoPal, a platform that claims to prioritize user safety. Following responsible disclosure practices, I reported the issue to them, expecting a professional response and acknowledgment.

 


  1. Dismissal and Accusation – Instead of thanking me for responsibly reporting a potential threat, the team at YourCryptoPal accused me of being a scammer. This was not only unprofessional but deeply insulting.

  2. Failure to Compensate – Many platforms offer bug bounties or rewards to incentivize responsible disclosure. Despite my clear report and evidence, they did not pay the promised reward.

  3. Lack of Accountability – I reached out multiple times, seeking clarification and resolution, but received no constructive response.

Why Responsible Disclosure Matters

Reporting security vulnerabilities is critical for the safety of all users. When platforms ignore, insult, or withhold compensation from researchers, it discourages ethical hacking and puts millions of users at risk.

Lessons Learned

  • Always document your reports thoroughly and keep copies of all communications.

  • Share your experience publicly if a platform refuses to acknowledge responsible disclosures. Transparency can protect other users and put pressure on companies to act ethically.

Conclusion

My experience with YourCryptoPal highlights the risks of dealing with platforms that do not value cybersecurity researchers. Ethical reporting should be met with gratitude and fairness—not insult and denial. I hope sharing this experience encourages others to be cautious and advocates for accountability in the crypto industry.
