Bug Bounty Program

If you believe you have found a security vulnerability on CS:GO Blackjack, we encourage you to let us know right away.
Before reporting though, please review this entire page to get an understanding how our bug bounty program works.


To qualify for a bounty, you must:

  • Be the first person to responsibly disclose the bug
  • Report a bug that could compromise the integrity of user data, circumvent the privacy protections of user data, or enable access to a system within our infrastructure or the CS:GO Blackjack accounts, such as:
    • Cross-Site Scripting (XSS)
    • Cross-Site Request Forgery (CSRF/XSRF)
    • Broken Authentication
    • Circumvention of our Platform/Privacy permission models
    • Remote Code Execution
    • Privilege Escalation
    • Provisioning Errors
    • Any other error at server-level
  • Make every effort to use a test account instead of a real account when investigating bugs. When you are unable to reproduce a bug with a test account, it is acceptable to use a real account, except for automated testing.
  • Not interact with other accounts without the consent of their owners.


  • Bounties are awarded at the discretion of CS:GO Blackjack team.
  • Bounties are ONLY awarded in site credits.
  • There is no maximum reward: each bug is awarded a bounty based on its severity and creativity.
  • Only one bounty per security bug will be awarded.
  • We only pay individuals.

What you should include in your report

  • Detailed steps in your message explaining how to reproduce the bug.
  • Clear descriptions of any accounts used in your report and the relationships between them.

Report a bug

If you have found a bug on our website, please send the details of what the bug allows you to do, and step-by-step instructions on how to replicate the bug.

If you wish, you can also send us a video (uploaded to Youtube and must be marked as private so only we can see it).

You can report your bug by opening a ticket on our support page.