Skip to content
Technology & Innovation

ExpressVPN Increases Bug Bounty Reward to US$100,000

TORTOLA, British Virgin Islands

– This is one of the highest bounties ever offered on Bugcrowd and 10x the
highest reward previously offered by ExpressVPN

– ExpressVPN invites researchers to focus test its TrustedServer technology

– TrustedServer is the world’s most advanced VPN server technology that has
been providing essential privacy protections for ExpressVPN users since 2019

Leading consumer privacy and security company ExpressVPN is offering
US$100,000 via Bugcrowd’s Bug Bounty solution to researchers who can find and
demonstrate a critical security bug on ExpressVPN’s in-house technology,

It is the highest single bounty offered on the Bugcrowd platform and 10
times higher than the top reward previously offered by ExpressVPN, showcasing
the company’s commitment to providing essential privacy protections to its

Nick McKenzie, Chief Information & Security Officer, Bugcrowd, says, “We’re
uber excited to see a leader in the online privacy and security world stepping
up collaborating with our community of cyber researchers, to ultimately work
together to ensure a safe online experience for everyone. ExpressVPN’s ongoing
partnership with Bugcrowd since 2020 demonstrates its commitment to a strong
security posture and a constant drive to improve the security of its products
and services. We hope this incentivizes more researchers to join the crowd, and
be a part of finding solutions to secure the digitally connected world.”

ExpressVPN built TrustedServer technology to significantly minimize
problems that traditional server management pose. On top of having an
independent audit by PwC to confirm TrustedServer’s security-enhancing claims,
ExpressVPN is taking a further step by rewarding the people who help them
improve their security.

Shaun Smith, Software Engineering Fellow at ExpressVPN and the architect
behind TrustedServer, says, “TrustedServer is already the world’s first and
most advanced VPN server technology, and we want to work with the community to
elevate it further. This means using the ingenuity of Bugcrowd’s security
researchers to help us further improve the security of TrustedServer. It was
important for us to demonstrate how seriously we take this contribution and are
excited to see what the community comes back with.”

Smith continues, “Traditionally, VPN infrastructure may be vulnerable to
several privacy and security risks. This is because most traditional approaches
to managing server infrastructure cannot account for various security and
privacy risks that are important for VPN service providers to mitigate. We
built TrustedServer to address those risks, and make the same solution
scalable, consistent, and secure across all our servers.”

ExpressVPN is inviting Bugcrowd security researchers to test the following
types of security issues within its VPN servers:

– unauthorized access to a VPN server or remote code execution
– vulnerabilities in ExpressVPN’s VPN server that result in leaking the
real IP addresses of clients or the ability to monitor user traffic

To find out more and participate in the bug bounty head to

Press Contact:
ExpressVPN Press Team

About ExpressVPN

Founded in 2009, ExpressVPN is one of the world’s largest providers of VPN
services, enabling users to protect their privacy and security online with just
a few clicks. The company’s award-winning software for Windows, Mac, iOS,
Android, Linux, routers, and browsers secures user information and identities
with best-in-class encryption and leak proofing. With servers across 94
countries, ExpressVPN provides a fast connection wherever users are and offers
uncensored access to sites and services from around the world. To learn more
about ExpressVPN’s privacy and security solutions, visit

Source: ExpressVPN