Millions for bugs: total rewards for ethical hackers on Standoff Bug Bounty exceed 240 million rubles
5/25/2025
To celebrate the platform's third anniversary, 17 organizations were awarded for their contributions to the advancement of the Russian bug bounty market
During the international cyberfestival Positive Hack Days, the Standoff Bug Bounty platform summarized its progress over the past three years. Since its launch, Standoff Bug Bounty has attracted nearly 25,000 cybersecurity researchers from 60 countries worldwide. The total amount of rewards during this period was 242 million Russian rubles. Over 100 bug bounty programs have been published on the platform, each contributing to the enhancement of business and government security. An award ceremony for the best bug bounty program owners took place during the plenary session of PHDays Fest on Saturday, May 24.
From May 2022 to May 2025, more than 25,000 bug hunters from 60 countries in Asia, the CIS, the Middle East, as well as Europe, Africa, and Latin America registered for Standoff Bug Bounty. Over the past year and a half, the number of ethical hackers on the platform has more than tripled, and the total number of vulnerability reports submitted has increased more than fivefold to 10,900.
Other metrics are also growing rapidly: since November 2023, the number of unique vulnerability reports accepted by customers has more than tripled (4,772), as has the number of critical vulnerabilities found (520). According to these metrics, Standoff Bug Bounty is the leader among similar Russian platforms.
The maximum reward amount offered on Standoff Bug Bounty is nearly 4 million rubles, which is an increase by 39% compared to 2023. This is the largest reward among Russian bug bounty platforms. The average payout for an accepted vulnerability reached 58,000 rubles.
Over 100 bug bounty programs have been launched on Standoff Bug Bounty, and some of them aim to research scenarios of non-tolerable events. The platform has a wide range of customers: from small and medium-sized businesses to the largest Russian marketplaces, media holdings, government institutions, and regional governments. The largest number of vulnerability reports was received by IT companies in 2023 and by the retail sector in 2024.
Standoff Bug Bounty celebrates its third anniversary in 2025. During this time, together with program owners and researchers, we not only developed the service but also created a new market that did not exist in Russia before. What was once treated with caution is now becoming the standard for a mature approach to cybersecurity. We see companies transforming, opening up to the community, establishing effective processes to address vulnerabilities discovered by researchers, and becoming a benchmark for others. The award ceremony highlights this journey.
Anatoly Ivanov
Head of Standoff Bug Bounty
The anniversary celebration and awards ceremony was part of the international cyberfestival Positive Hack Days. Companies that have launched their own programs on the Standoff Bug Bounty platform were honored on the main stage of the cyberfestival. A total of 17 organizations received awards in various categories. The award winners included 1C-Bitrix, Azbuka Vkusa, Tochka bank, Cybersecurity Center of the Moscow Region, Jet Infosystems, T-Bank, HeadHunter, Innostage, Okko, Ozon, Rambler&Co, Timeweb, VK, and Wildberries. For example, Wildberries was recognized for a record number of reports processed within a single program, Rambler&Co was honored for their visionary approach to bug bounty programs, Azbuka Vkusa won in the "Longest running program" category, and Timeweb received the Hackers' Choice award.