Hytale has formally opened its public bug bounty program, inviting security researchers and players to help identify vulnerabilities across its game, web services, and backend infrastructure, with payouts reaching over $25,000 depending on severity.
The program is run by Hypixel Studios, and it is designed to complement the studio’s internal security teams. The developers say the goal is to quickly identify and resolve issues that could affect user privacy, account safety, or service integrity after the game’s full launch.
Researchers who submit valid reports will have their findings triaged by the security team and receive updates throughout the resolution process. Bounties are awarded only after issues are verified and classified using CVSS 3.1 scoring, with critical vulnerabilities including unauthenticated remote code execution, mass data exposure, or full account takeovers.
There are clear rules for participation in the bug hunting programs. All vulnerability reports must be sent directly to [email protected] and include detailed reproduction steps, proof of concept material, and an assessment of potential impact. Testing must be done only on the researcher’s own accounts, and vulnerabilities cannot be disclosed publicly until Hypixel Studios has had a reasonable time to address them.
Only the first valid submission of a vulnerability is eligible for a bounty. Duplicate reports are acknowledged but do not receive a payout, though partial credit may be awarded if additional context or impact is provided. Participants must act in good faith, avoid privacy violations or service disruption, and be at least 18 years old to collect rewards.
While the program covers a wide range of Hytale-related assets, including the desktop game client, official servers, the launcher, account and store websites, public APIs, and select development environments. Third-party services, community-hosted servers, mods, and gameplay balance issues are explicitly excluded.
Denial of service attacks, brute forcing, social engineering, rate limiting issues, and cheats that do not affect server security are also out of scope and will not qualify for rewards.
Legal protection for researchers
Hypixel Studios offers safe harbor protections for researchers who follow the program rules. Good faith security research conducted under the policy is considered authorized, with the company stating it will not pursue legal action or support third-party claims related to compliant testing.
By publishing detailed scope, rules, and legal protections, Hytale joins a growing number of major game projects like Fortnite and many others, who turning to public bug bounty programs as part of their long-term security strategy. You can read in detail about the security program here.
