Transfer your bounties to your bank account
As a Hunter on the YesWeHack platform, if your submitted reports are eligible for a reward, the corresponding bounties will be credited to your e-wallet. Simply add your banking information to withdraw your earnings at any time.
ℹ️ You must have a KYC verified Hunter profile to submit vulnerability reports on YesWeHack Bug Bounty Programs and receive a reward.
To know how to verify your identity, click here.
ℹ️ To learn more about what rewards can be expected by Hunters, click here.
Billing information
What is a billing mandate?
A billing mandate is an invoicing agreement between a company and his provider (YesWeHack and a Hunter). When accepting the billing mandate, you (the hunter) allow YesWeHack to create a monthly electronic invoice on your behalf (Monthly invoices include all bounties received during said month).
Why do I need to fill-in a billing mandate?
As a hunter, you must declare your activity to your local authorities, wherever you are located. YesWeHack facilitates this process by generating an invoice for you.
This is mandatory to use the platform and submit reports.
How to fill-in my billing mandate?
Go to your “E-wallet” in the left side menu
Click on “KYC” (Know Your Customer)
The KYC process includes two billing steps: billing information and billing mandate
ℹ️ Make sure to update your information or status if they change, so it could be reflected on your next invoice.
Edit billing information
Go to “My E-Wallet” in the left side menu
Click on “Billing Information”
Click on “Edit” (Pencil icon)
ℹ️ You cannot direct edit your Billing Mandate, but updating your personal information (e.g., address) will generate a new one.
When should I tick “I am subject to VAT”?
Only Hunters that perform testings as a French Company are subject to VAT on our platform. If a user is not part of this category, he is not subject to VAT and should not check the “I am subject to VAT” box on his billing mandate.
If you are subject to VAT but operating from a different country than France, precising your intra-community VAT number will suffice. Your invoices will display the legal mentions regarding reverse charge.
When will I receive my invoice?
Invoices are sent on the last day of each month to hunters who received one or more bounties during that month.
I want to withdraw my bounty on a company bank account
It is possible to receive your bounties on your company bank account.
However, we need to verify your company with our MangoPay, which will require to complete extra-verification-steps and provide additional documents.
The verification process for a company will depend on your location.
ℹ️ Please contact YesWeHack via [email protected] and we will guide you through the appropriate process depending on your location.
Withdraw your rewards
What are the prerequisites for a withdrawal?
An hunter must fulfill the following prerequisites:
Be KYC Verified and enrolled in SCA
ℹ️ Our payment provider requires Strong Customer Authentication (SCA) to protect your funds and payment activity. Click here to learn how to enroll in SCA.
Use a bank account associated to his/her name (=the same identity previously verified during KYC process)
The bank account must be located in a country where MangoPay authorizes money transfers. Check here the list of authorized countries.
If your bank account is not located in an authorized country
The beneficiary bank account can also be a TransferWise (wise.com) multi-currency account since wise.com provides IBAN / SWIFT AND BIC codes (for wire transfers in EUR) as well as US Routing numbers (for wire transfers in USD) to its users in need of Bank references accross different countries and continents.
Hunters may also use Payoneer if they received a bounty in EUR and if they have a Euro receiving account on Payoneer.
How to configure an hunter's bank account
Go to your “E-Wallet” in the left side menu
Click on “Bank accounts”
Click on “+ Add bank account”
Choose a “Display name on YesWeHack”
Fill in bank account details
Click on “Add”
⚠️ The bank account should be under the same name which has been KYC verified.
Withdraw your bounties from your wallet
Go to your “E-Wallet”
Click on “Wallet Information”
Click on “Withdraw” in the balance section
Enter your “Password”
Select a “Bank account” or add a new one
Click on “Withdraw wallet”
To find all your transactions or invoices in your “E-Wallet”, click on specific sections in the left side menu
What are the reasons for a failed withdrawal or a payout return?
Payout failures usually occur when:
The bank account owner is not the YesWeHack account owner (i.e., the KYC verified user). We recommend to change the bank account with one under the hunter's name.
The local bank doesn’t accept wire transfers in euros or dollars. We recommend the hunter to check with his bank. If the issue is confirmed, our suggestion is to use an intermediary (e.g. wise.com).
The hunter's bank needs more info about the transaction in order to unblock the funds for his client. For example, a bank may ask for the purpose of remittance. The hunter can in this case precise to the bank the following "MangoPay is the Payment Service Provider (PSP) of YesWeHack platform. The funds are in fact a reward that [I] received on my MangoPay e-wallet after finding a security flaw and reporting it to the vulnerable company through the YesWeHack platform."
The Hunter hasn't selected the correct "bank account type" when entering his bank details on the platform.
ℹ️ If you tried all of the above solutions and you are still facing a payout or withdrawal issue, please contact [email protected] with details about your issue, including your transaction number.
How long does a withdrawal take?
Transfers can take some time to get to a bank, depending on the transfer route.
It can take up to 15 business days for international transfers.
Wire-transfer (hypothetical) fees
Transfer fees will depend on the transfer route and on the banks/intermediaries involved. (They are often applied by the beneficiary bank, so a hunter's bank might be able to provide more details on that matter).
⚠️ YesWeHack does not take any commission on rewards nor on withdrawals.
Supported currencies
Program Managers may transfer bounties in € or $ to a hunter's e-wallet.
MangoPay does not perform currency conversions, so hunters must check with their bank if wire transfers are accepted for the currency of their bounty.
If a hunter's bank does not accept transfers in said currency, hunters may transfer their bounty to a intermediary or use a different bank account.