Caroline Bishop
Mar 27, 2026 16:28
Paxos launches $1 million bug bounty on Cantina platform, covering all major stablecoin and gold token contracts plus Web2 infrastructure in security push.

Paxos is putting $1 million on the table for security researchers who can break its infrastructure. The regulated blockchain company launched a comprehensive bug bounty program on Cantina, covering smart contracts for USDG, PYUSD, and PAXG, along with its Web2 services, APIs, and domains.
The top payout, $1 million in USDG, targets critical vulnerabilities that would compromise the company’s core systems. That is not a marketing number. Paxos explicitly wants “the very best researchers on this planet going deep” on its code.
Scope Extends Beyond Smart Contracts
What makes this program notable is its breadth. Most crypto bug bounties focus narrowly on smart contracts. Paxos is including cross-chain infrastructure, public-facing products, and traditional web services, essentially mapping the program to how actual attackers would probe for weaknesses.
The timing connects to commitments Paxos made when launching USDG on Aave v3. The company told Aave, LlamaRisk, and the broader community it would formalize external security testing. This delivers on that promise.
Invitation-Only Launch
For now, the program remains restricted to researchers already active in Cantina’s network. Paxos chose the platform specifically for its Web3-native focus and community of specialists who understand the unique threat surface of tokenized assets.
Researchers outside the network can request access through Cantina’s program page. The company indicated it will expand access after the initial invitation-only phase.
Context on Paxos Assets
The covered tokens represent significant value. PAXG, the gold-backed token, currently sits at a market cap of roughly $2.33 billion with recent 24-hour gains of 1.85%. Just this week, Paxos executed a $4.38 million PAXG transfer to institutional market maker B2C2, signaling continued institutional activity around the token.
PYUSD, PayPal’s stablecoin built on Paxos infrastructure, adds another layer of exposure. Any vulnerability in these contracts could affect both retail and institutional users across multiple platforms.
Paxos operates under regulatory oversight from the OCC through its national trust charter, making security failures particularly costly from both financial and compliance perspectives.
The company is also hiring for its security team, suggesting this bounty program is part of a broader security infrastructure buildout rather than a one-off initiative.
