Bug Bounty


The types of vulnerabilities that we reward the highest for are critical vulnerabilities, such as remote code execution, access to server source code or data, and cheating on games leading to financial gain. Payouts are not made for Informational or Low severity issues; only Medium and above.


  • Missing Security Headers.
  • Missing Cookie Flags.
  • SSL/TLS Misconfigurations.
  • Username Enumeration.
  • Outdated WordPress Core, Plugins, or Themes (unless remotely exploitable).
  • Low Impact Information Disclosure, such as Apache, PHP versions, etc.
  • Self-Cross-Site Scripting (XSS).
  • Password policy issues.
  • Missing DMARC/SPF.
  • Session Handling (unless Medium severity or above).


  • In the event that we receive duplicate reports, the first report received will be considered the valid one.
  • Do not attempt any Denial of Service (DoS) attacks.
  • Do not modify any user or system data.
  • Do not disclose the vulnerability to any third-parties, or publicly, until we have remediated the vulnerability.
  • Do not compromise other users' accounts or data.
  • Do not use automated tools, such as web vulnerability scanners.
  • Do not conduct Social Engineering attacks, Phishing, or any physical testing, such as lock picking.
  • Employees and business partners are excluded from the Bug Bounty.


Please email your vulnerability information to bugbounty@bovada.lv and include the following information:

  • Contact Name
  • Vulnerability Title
  • Services or Products Affected
  • Vulnerability Technical Description
  • Vulnerability Risk Rating (Informational, Low, Medium, High, Critical)
  • Screenshots or any other supporting information

A member of our Cyber Security team will respond to your report as soon as possible, usually within 2 business days, please take into consideration time zone differences in our response time.

Payment Methods


Gambling should be entertaining. Remember that you always risk losing the money you bet, so do not spend more than you can afford to lose. If you think you may have a problem, click here.

Bovada.lv is operated by Harp Media B.V. registered under No. 144943 at, Chuchubiweg 17, Curaçao. Harp Media B.V. is licensed and regulated by Curaçao eGaming (Curaçao license No. 1668 JAZ issued by Curaçao eGaming).

In order to register for this website, the user is required to accept the General Terms and Conditions. In the event the General Terms and Conditions are updated, existing users may choose to discontinue using the products and services before the said update shall become effective, which is a minimum of two weeks after it has been announced.