SpaceX bug bounty offers up to $25,000 per Starlink exploit

Close up of the Starlink logo, a stylised black 'X' with the word starlink beneath on a white background, with other such logos in the background but blurry
(Image credit: Getty Images)

SpaceX is offering between $100 and $25,000 in bounties to hackers who report exploits to the company through their website.

The spacecraft manufacturer has set up a dedicated page on crowdsourced bug bounty platform Bugcrowd, giving would-be white hats a centralised method for reporting un-patched SpaceX and Starlink exploits.


Introducing IBM Security QRadar XDR

A comprehensive open solution in a crowded and confusing space


Hackers who submit reports on network vulnerabilities can expect up to $10,000, while on a “case-by-case” basis those who discover and report vulnerabilities with Starlink dishes, satellites or other such hardware can receive up to $25,000.

According to its Bugcrowd page, SpaceX has so far rewarded 41 vulnerability reports, at an average of $972 each. A more comprehensive list of prices per type of vulnerability discovered can be found on the page, but SpaceX specifically forbids physical tampering with its infrastructure or that of Starlink’s, as well as testing that could directly impact its services.

In a document shared by SpaceX titled ‘Starlink welcomes security researchers (bring on the bugs), the company outlines its position on bug bounties.

“We allow responsible security researchers to do their own testing, and we provide monetary rewards when they find and report vulnerabilities,” states the document.

“We recognize and appreciate the support of the broader security community in making Starlink better and more secure. We encourage researchers to test Starlink for security issues in a non-destructive way and to report their findings through our bug bounty program.”

SpaceX further states that it considers vulnerability research within its bug bounty policies to be exempt from Digital Millennium Copyright Act (DMCA) claims, legal action as a result of Computer Fraud and Abuse Act (CFAA) violation, and SpaceX terms and conditions that would interfere with research.

Bug bounties are a popular form of publicly-sourced testing for companies, that offer white hat hackers lucrative rewards and permission to attempt to hack some of the most challenging commercial security systems, in return for information on any vulnerabilities that they discover.

In June, an employee working for the vulnerability coordination platform HackerOne was found to have been stealing and re-submitting bug bounties for personal profit and was subsequently fired.

The Starlink constellation, which aims to provide satellite broadband access to customers worldwide, is rapidly growing. With over 2,500 satellites currently in orbit and an end goal of 12,000 having been approved by the FCC, it is a frontrunner in the growing race for satellite internet dominance, which has already spawned disagreements as well as interest from agencies such as DARPA.

Rory Bathgate
Features and Multimedia Editor

Rory Bathgate is Features and Multimedia Editor at ITPro, overseeing all in-depth content and case studies. He can also be found co-hosting the ITPro Podcast with Jane McCallion, swapping a keyboard for a microphone to discuss the latest learnings with thought leaders from across the tech sector.

In his free time, Rory enjoys photography, video editing, and good science fiction. After graduating from the University of Kent with a BA in English and American Literature, Rory undertook an MA in Eighteenth-Century Studies at King’s College London. He joined ITPro in 2022 as a graduate, following four years in student journalism. You can contact Rory at or on LinkedIn.