Caroline Bishop
Mar 27, 2026 16:28
Paxos launches $1 million bug bounty on Cantina platform, covering all major stablecoin and gold token contracts plus Web2 infrastructure in security push.
Paxos is putting $1 million on the table for security researchers who can break its infrastructure. The regulated blockchain firm launched a comprehensive bug bounty program on Cantina, covering smart contracts for USDG, PYUSD, and PAXG, along with its Web2 services, APIs, and domains.
The top payout, $1 million in USDG, targets critical vulnerabilities that could compromise the company’s core systems. That is not a marketing number. Paxos explicitly wants “one of the best researchers on the planet going deep” on its code.
Scope Extends Beyond Smart Contracts
What makes this program notable is its breadth. Most crypto bug bounties focus narrowly on smart contracts. Paxos is including cross-chain infrastructure, public-facing products, and traditional web services, essentially mapping the program to how actual attackers would probe for weaknesses.
The timing connects to commitments Paxos made when launching USDG on Aave v3. The company told Aave, LlamaRisk, and the broader community it would formalize external security testing. This delivers on that promise.
Invitation-Only Launch
For now, the program remains restricted to researchers already active in Cantina’s network. Paxos chose the platform specifically for its Web3-native focus and community of specialists who understand the unique threat surface of tokenized assets.
Researchers outside the network can request access through Cantina’s program page. The company indicated it will expand access after the initial invitation-only phase.
Context on Paxos Assets
The covered tokens represent significant value. PAXG, the gold-backed token, currently sits at a market cap of roughly $2.33 billion with recent 24-hour gains of 1.85%. Just this week, Paxos executed a $4.38 million PAXG transfer to institutional market maker B2C2, signaling continued institutional activity around the token.
PYUSD, PayPal’s stablecoin built on Paxos infrastructure, adds another layer of exposure. Any vulnerability in these contracts could affect both retail and institutional users across multiple platforms.
Paxos operates under regulatory oversight from the OCC through its national trust charter, making security failures particularly costly from both financial and compliance perspectives.
The company is also hiring for its security team, suggesting this bounty program is part of a broader security infrastructure buildout rather than a one-off initiative.
