Case Study: Bitso achieves rapid remediation and scalable hacker-powered security with HackerOne

Bitso drives business growth with hacker-powered security

Bitso, the largest digital crypto exchange in Latin America, needed to protect millions of transactions and meet strict regulatory and data‑protection requirements (GFSC, GDPR) while scaling rapidly. Faced with an evolving attack surface and the need for seamless vulnerability management, Bitso turned to the hacker community and HackerOne to scale security without slowing product development.

Bitso implemented HackerOne bounty, pentest, and triage services—starting with a private program, moving to public bounties, and integrating Slack and APIs to fit their workflows. The program uncovered 107 total vulnerabilities (7 high/critical), delivered 34 valid reports in the first six months and 160 reports within two months of the public launch, and materially improved operations: average response time fell from 12 to 5 hours, reward payout from one month to two days, and resolution time from two months to 12 days—helping Bitso meet compliance, benchmark industry security, and scale safely.

Bitso

Emilio Revelo

Cybersecurity Engineer