We constantly acquire 0-day vulnerabilities and exploits. We do not pay rewards for hypothetical or 1-day vulnerabilities. Please provide a brief technical description of the vulnerability and any exploits including the date of research, affected systems, testing results, exploit type, potential attack vector, bug type, specifics of the exploits, security bypass, user interaction or involvement, side effects, your price, etc. Please ensure that you use PGP encryption when communicating with us. (Our PGP key is provided below.) We will analyze and evaluate within 48 hours the vulnerability description you provide. Your reward payment can be paid in cash, bank transfer or anonymous transfers using cryptocurrencies. We will consider an additional premium in the form of quarterly payments to those researchers who agree to provide us with exclusive disclosure of a vulnerability. Realizing that the price of a potentially serious vulnerability may be higher, we are ready to negotiate the price bilaterally.
Agents and brokers are welcome. We will pay you generous commissions for helping us acquire zero-day vulnerabilities.
We reserve the right to refuse to purchase your materials.
You discover a zero-day vulnerability and create a functional prototype, to validate the exploitability of the vulnerability.
You write a brief technical description of the vulnerability found and send us a PGP encrypted key.
Within 48 hours, our research team will send you a purchase order.
If the order is accepted, you will provide us with full technical information on the vulnerability including a functional prototype.
We will verify the functionality and pay you a reward within 24 hours, using the payment method chosen by you.
If you have any counter proposals regarding the acquisition process, you can always contact us. You can arrange a personal meeting at various conferences we attend to discuss business and technical issues in person.
The market for vulnerabilities is growing rapidly and has migrated from the darknet to the corporate environment. ZERODAY supports the development of monitoring tools for law enforcement agencies and intelligence organizations, as well as the design of intrusion detection and prevention systems for vulnerabilities.
ZERODAY also conducts in-house research on vulnerabilities for a variety of systems. Researchers can contact us for our list of most wanted research directions.
ZERODAY assists security researchers in their work on vulnerabilities and provides the highest value for the results of their research. We pay the highest rewards in the market and have built a long-term relationship with many security researchers.
ZERODAY acquires a range of service vulnerabilities, from micro-controllers, SCADA, network equipment, various consumer devices, to mobile, desktop and server applications. If you have zero-day vulnerabilities for a platform or application that is not listed in the payment table below, please contact us.
ZERODAY highly appreciates the talents and technical competence of researchers. We invite you to join our internal teams conducting the most advanced research and offer excellent opportunities for experienced researchers.
We offer a competitive salary and high bonus payments for each exploitable and accepted vulnerability. You can work remotely or join one of our research centers.
We provide an annual subscription to the results of our studies and 0-day listings on a limited number of organizations.
You can send a request for a subscription to:
In addition to vulnerabilities, we are interested in acquiring various research results, such as:
- Deanonimization of TOR resources;
- Bypassing ASLR, DEP, UAC and other security mechanisms;
- Vectors for remote code execution on devices via GSM, Bluetooth and WiFi;
- Vulnerabilities in mobile devices chipsets;
- Innovative bypass of antiviruses;
- Other research results and technical information.
Our main goal is productive cooperation with the community of researchers on information security, allowing us to identify new threat vectors and open new research opportunities.
Follow us on Twitter to be informed about industry events where we will participate.
For cooperation and submission of vulnerabilities, please email: