Shopify Bug Bounty

We take merchant trust and safety very seriously. Our maximum bounty of $200,000 reflects that.

Last Updated: March 7, 2026 at 12:00 AM UTC

Program statistics

These statistics may vary from those reported by HackerOne due to differences in data collection and reporting criteria.

8 666 603 USD

Total bounties paid

327 050 USD

Total bounties paid this year

18 050 USD

Total bounties paid this month

1,156

Reports received in the last 90 days

2,347

Total Reports Resolved To Date

Submit a vulnerability

1

Review rules and/or scope

Start by exploring our scope, eligibility and known issues to understand how to discover vulnerabilities effectively.

2

Submit report

Once you’ve identified a vulnerability, submit your report to us for review.

3

Keep up with the process

Stay informed throughout the process of our Bug Bounty workflow.

Resources

Shopify’s Updated Bug Bounty Calculator

Our vulnerability scoring just got sharper.

Read now 

A Look Inside Our Bug Bounty Process

Discover the journey your report takes from submission to resolution.

Read now 

Getting Started in our Bug Bounty Program

Learn the first steps to take in our program, including creating an account and testing guidelines.

Read now