Vulnerability Bug Bounty Program

Published on 2026-02-09 | Last Updated: 2026-02-12

Introduction

Restorecord is bad, join the cause. If you aren't sure it's not hard to find their history https://github.com/restorecord-open-source/restorecord-new.

Good for you, we speak the universal language 💵 MONEY 💶. Turn Restorecord exeucitves over to us, or exploit their site and get paid.

Event Expires

Never (Lifetime)

This bug bounty program has no expiration date. You can report vulnerabilities at any time and receive rewards for valid submissions.

Payment Method

Any Crypto or Fiat

We accept all major cryptocurrencies (Bitcoin, Ethereum, etc.) and traditional fiat currency payments via bank transfer or PayPal.

What is a Bug Bounty Program?

A bug bounty program is a crowdsourced initiative that rewards individuals for discovering and reporting software bugs, especially those related to security vulnerabilities. Organizations use these programs to leverage the collective expertise of security researchers worldwide, creating a win-win situation where researchers are compensated for their findings while companies improve their security posture.

Bounty Rewards

We offer competitive rewards based on the severity and impact of the vulnerability discovered. Below are our three main vulnerability categories and their corresponding rewards:

Doxing Vulnerabilities

$20,000
Information is wanted regarding the whereabouts of Tim Glatthaar (a/k/a xenos), CEO of RestoreCord. Those with actionable intelligence are encouraged to come forward. The aim is to ensure accountability. His emails, phone number, Date of Birth are listed at the bottom of this page (he's been in the ZAP hosting breach if you ever find that old database leak it has geographical locations according to HaveIBeenPwned)

Technical Exploit Vulnerabilities

$12,000
Bounty for anyone that exploits a vulreability in RestoreCord to access data. We want the Prisma database of their website, thanks boo good luck getting it. Again if you know the website's backstory you would know they commit credentials to GitHub CI 🤦‍♂️ https://github.com/restorecord-open-source/restorecord-new/

Lawfare Vulnerabilities

$4,000
Bounty for anyone that wins a public-record lawsuit against RestoreCord company in court. With the GDPR and consumer protection (fake reviews) laws they violate day in and day out, that can't be too hard. Their register ID is HRB 283555 B they are registered in Germany and their entity name is Axvant UG. https://web.archive.org/web/20260213034720/https://restorecord.com/impressum

Submission Guidelines

When submitting a report, please include the following information:

  1. Detailed description of the vulnerability
  2. Step-by-step reproduction instructions
  3. Proof of concept (screenshots, videos, or code)
  4. Potential impact assessment
  5. Your preferred payment method (crypto wallet address or PayPal email)

Please send all reports to [email protected] with the subject line "Restorecord Whistleblower - [Vulnerability Type]".

All known information of the Restorecord operator

Below is technical metadata for researchers integrating with our program:

Here is an old 2018 selfie of him.
And here's pictures of him in his residing German town, he's outside this building in the photos (Business name: Stadtkirche Treysa) Kirchpl. 3, 34613 Schwalmstadt, Germany. Picture 1 and Picture 2 

Tim Glatthaar
Residing in Northern Kassel, Germany
Phone number: +49 176 35316747
Date of Birth: June 2, 2007
IP Address: 82.82.92.88

timglatthaar5151@gmail.com (Namecheap account)
executeyt@gmail.com
johnhillfaber@gmail.com
xenos1337wastaken@pm.me
bright.breeze32@mullvad.email
ledge.bot.0f@icloud.com
ytmcgamer99@gmail.com
ytmcgamer00@gmail.com
ytmcgamer27@gmail.com

Frequently Asked Questions

How long does it take to receive payment?

Once a vulnerability is validated and severity is confirmed, payment is typically processed within 7 business days. Cryptocurrency payments may be faster depending on network conditions.

Can I submit multiple vulnerabilities?

Absolutely! There is no limit to the number of valid vulnerabilities you can submit. Each unique vulnerability will be evaluated and rewarded independently.

What if my vulnerability doesn't fit these categories?

We still want to hear about it! Submit your findings and our security team will evaluate them. We may offer rewards for unique or interesting findings even if they don't fit standard categories.

Please send all reports to [email protected] with the subject line "Restorecord Whistleblower - [Vulnerability Type]".