Caroline Bishop
Mar 27, 2026 16:28
Paxos launches $1 million bug bounty on Cantina platform, covering all major stablecoin and gold token contracts plus Web2 infrastructure in security push.
Paxos is putting $1 million on the table for security researchers who can break its infrastructure. The regulated blockchain company launched a comprehensive bug bounty program on Cantina, covering smart contracts for USDG, PYUSD, and PAXG, along with its Web2 services, APIs, and domains.
The top payout, $1 million in USDG, targets critical vulnerabilities that could compromise the company’s core systems. That is not a marketing number. Paxos explicitly wants “the perfect researchers on the planet going deep” on its code.
Scope Extends Beyond Smart Contracts
What makes this program notable is its breadth. Most crypto bug bounties focus narrowly on smart contracts. Paxos is including cross-chain infrastructure, public-facing products, and traditional web services, essentially mapping the program to how actual attackers would probe for weaknesses.
The timing connects to commitments Paxos made when launching USDG on Aave v3. The company told Aave, LlamaRisk, and the broader community it would formalize external security testing. This delivers on that promise.
Invitation-Only Launch
For now, the program remains restricted to researchers already active in Cantina’s network. Paxos chose the platform specifically for its Web3-native focus and community of specialists who understand the unique threat surface of tokenized assets.
Researchers outside the network can request access through Cantina’s program page. The company indicated it will expand access after the initial invitation-only phase.
Context on Paxos Assets
The covered tokens represent significant value. PAXG, the gold-backed token, currently sits at a market cap of roughly $2.33 billion with recent 24-hour gains of 1.85%. Just this week, Paxos executed a $4.38 million PAXG transfer to institutional market maker B2C2, signaling continued institutional activity around the token.
PYUSD, PayPal’s stablecoin built on Paxos infrastructure, adds another layer of exposure. Any vulnerability in these contracts could affect both retail and institutional users across multiple platforms.
Paxos operates under regulatory oversight from the OCC through its national trust charter, making security failures particularly costly from both financial and compliance perspectives.
The company is also hiring for its security team, suggesting this bounty program is part of a broader security infrastructure buildout rather than a one-off initiative.


