VIP Program
Robinhood also maintains a VIP Bug Bounty Program, which allows access to pre-release features in advance of their launch before the general public. Researchers who participate in our program may be invited to join the VIP Program based on the quality and consistency of their reports, with at least 3-5 reports submitted over time.
Zero-Day Issues
Robinhood accepts zero-day issues in third party software that can be directly used to compromise the confidentiality or integrity of our products. Zero-day issues may be submitted to our program at any time; however, we will only accept reports that permit us to disclose the issue to the relevant vendors. We cannot authorize testing against any third parties or our vendors.
Eligibility to Participate
To be eligible to participate in any Robinhood Bug Bounty Program, you must:
- Be at least 18 years of age and meet Robinhood account requirements if you test using a Robinhood account
- Not be employed by Robinhood as an employee, contingent worker, or contractor (including individuals who separated from Robinhood within the prior 12 months) or be an immediate family member of a current or former Robinhood employee, contingent worker, or contractor
- Not be a resident of or an individual located within a country appearing on any U.S. sanctions lists, as administered by the Office of Foreign Assets Control (OFAC)
- Not be in violation of any national, state, or local law or regulation with respect to any activities directly or indirectly related to the Bug Bounty Program
Rewards
Our rewards are based on severity per CVSS (the Common Vulnerability Scoring Standard). We’ll work with you to find an accurate CVSS score for your report, but please note these are general guidelines and reward decisions are up to the discretion of Robinhood.
Our program calculates bounties for reports based on a sliding CVSSv3 scale; the higher the issue’s score, the higher your bounty will be. We’ll use lower environmental scores for assets that are less important to Robinhood. We encourage rating your issues with CVSS before submission, but know that we may have to make adjustments in the event the score isn’t representative of the true impact. Final determination of the eligibility and severity of the issue will be made by and at the sole discretion of the Robinhood Security Team.
We may offer up to $50,000 for exceptional reports that demonstrate exceptional criticality in our focus areas. Presently, this applies to remote code execution in core services as well as significant accounting manipulations which would cause non-trivial financial losses to Robinhood.
Eligibility is limited to domains and properties owned and operated by Robinhood and its acquisitions. Software components used within Robinhood are eligible and may be exploited in your vulnerability testing. Note that bugs in third-party components only qualify if we determine that they can be used to successfully exploit Robinhood.
Overview: Introduction
Welcome to the Robinhood Bug Bounty Program! We’re excited to work more closely with you on discovering bugs in Robinhood. If you have any questions on our program, please email bugbounty@robinhood.com. Thank you for helping keep Robinhood and our users safe!
Robinhood: Democratizing America’s financial system. Invest in stocks, ETFs, options, and cryptocurrencies commission-free. Disclosure: https://robinhood.com/legal
All investments involve risk and loss of principal is possible.
Robinhood Financial LLC (member SIPC), is a registered broker dealer. Robinhood Securities, LLC (member SIPC), is a registered broker dealer and provides brokerage clearing services. Cryptocurrency services are offered through Robinhood Crypto, LLC. The Robinhood Money spending account is offered through Robinhood Money, LLC, a licensed money transmitter. All are subsidiaries of Robinhood Markets, Inc. (‘Robinhood’).
© 2025 Robinhood Markets, Inc.