NetherGames is committed to working with the security community to find vulnerabilities and issues in our systems in order to keep our customers and platforms safe.
We highly treasure the trust that our users place in us, so we hold ourselves to the highest security standards.

If you have discovered a security vulnerability that affects our systems, we offer a bug bounty program for security researchers and we'd love to work with you and rectify the issue as soon as possible. Issues and vulnerabilities can be reported via email to


Website-related endpoints on any site (excluding forums)
API-related endpoints on
Attack vectors, duplication glitches in MMO games, and security risks targeting the Minecraft: Bedrock servers.


The minimum reward for verified, accepted and patched vulnerabilities that are disclosed through the program is US$100. The reward is determined on a case-by-case basis and will depend on the severity of the vulnerability.
Please note that issues which do not have an impact on security are not eligible for a bounty.

Rewards will be paid via international bank transfer or PayPal only. We do not support cryptocurrencies.

Submitting a report does not guarantee a bounty. Only reports that can be verified by our development team are eligible for a reward.

You are the first person to report the vulnerability
You adhere to the Disclosure Guidelines
You do not access data of other users, and you use accounts which you have a right to access
You provide a working proof of concept, which includes appropriate code samples
You provide appropriate instructions to reproduce the vulnerability
You do not disclose the vulnerability publicly prior to its resolution
You do not use automated scanning tools
The issue is not related to outdated dependencies
Origin IP exposure is NOT eligible for bug bounties; the exposure of those IPs is required for our Bedrock servers and is therefore unavoidable


Example report cases include:
Being able to access other users' accounts
Being able to access internal or staff-only systems
Being able to make malicious API calls that bypass authentication
XSS, SQL Injection or other input-based exploits

Disclosure Guidelines

Reporters should:
Respect the rules. Operate within the rules set forth by NetherGames.
Respect privacy. Make a good faith effort not to access or destroy another user's data.
Be patient. Make a good faith effort to clarify and support their reports upon request.
Do no harm. Act for the common good through the prompt reporting of all found vulnerabilities. Never willfully exploit others without their permission.

Questions? Contact our support team here or by clicking the chat button in the bottom right corner.