Bug bounty on TON is a narrow but real niche. The stated ceilings look impressive: TON Foundation pays up to $100,000, Tonstakers the same on their programme, Tonkeeper up to $30,000. But between “stated” and “actually received” there is a wide gap. This playbook breaks down who fits TON bug hunting, which programmes are active in 2026, which bug classes actually pay, what tools the hunter uses, and why realism matters: most accepted reports are medium severity worth $100–5,000, not six-figure criticals. TL;DR — what TON actually pays Programme Stated ceiling Realistic median payout Submission channel TON Foundation core $100,000 $500–5,000 (medium) @ton_bugs_bot + GitHub Tonstakers $100,000 $1,000–10,000 via Tonstakers site STON.fi DEX v2.2 est. $50,000 critical $500–5,000 HackenProof Tonkeeper wallet $30,000 $1,000–5,000 security@tonkeeper.com EVAA Protocol undisclosed (est.…