Security - Rubic Documentation

As one of the seasoned players in the cross-chain market, Rubic has elaborated on the robust practices of maintaining security for its users along with API/SDK integrators. A high level of security is one of Rubic’s top priorities, and this is what makes Rubic stand out from the crowd in terms of security:

The integration of multiple bridges and DEXs allows Rubic to switch off the provider that gets out of operation, and redirect the user to a different, working one.
Rubic has a large infrastructure, team, and developer support, which allows for elaborating on more innovative measures to ensure the safety of swaps.

Rubic never keeps users’ funds on its frontend, every transaction is performed via API by sending calls to other smart contracts. Rubic’s staking and treasury smart contracts use Gnosis Safe enabling secure asset management. Rubic’s Security Audit By MixBytes - April, 2023 Rubic’s Security Audit By Stellar - June, 2026

Security History

In early 2023, Rubic undertook the following security enhancements:

Full contract rewrite before redeployment.
Independent audit by MixBytes: all findings were reviewed and resolved in full.
Bug Bounty program launched on Immunefi, creating an ongoing channel for external security researchers to identify and responsibly disclose vulnerabilities.
Dev team restructuring to strengthen internal security practices and reduce organizational risks to platform security.
Dedicated security engineer hired to own security operations on an ongoing basis.
Contract architecture redesign to make user funds more secureб all smart contract management interfaces now operate behind multisig via Gnosis Safe.
Operational hardening: two-factor authentication enforced across the team, automated audit logging configured, and real-time alerts deployed for suspicious behavior.

Since those steps were implemented, Rubic has maintained a clean record. The MixBytes audit, updated key management practices, and active bug bounty program are the direct results of lessons learned. We document this history because we believe transparency about past incidents, and a verifiable response to them, is more credible than silence.

Rubic’s Security Principles

Sustainability

Due to the aggregation of 340+ bridges and DEXs, Rubic guarantees swaps and sufficient liquidity for a swap even if some of the providers stop operating, run out of liquidity, or get hacked. Thanks to Rubic’s model architecture (Cross-Chain, On-Chain, Status Manager, Token Manager, Revert Manager), it continues to execute basic functions even if there’s something wrong with other modules.

Decentralization

To find the best swap deal for most of the cross-chain and on-chain providers, Rubic appeals to the provider’s API, and then the data is processed through their services.

Open-Source Softwar

We’re built on open-source software: Our site, validators code, and smart contracts are publicly visible for maximum transparency (Github).

Grants

Rubic has received grants from major blockchain platforms: Berachain, Celer, deBridge, NEAR, Harmony One, Symbiosis, Bitgert, Polygon, and Telos.

Team

Our founders and team have large amounts of experience in the crypto space - starting in 2017 - and you can follow them on their socials. Check out LinkedIn or Twitter.

Security Measures

Audit by MixBytes
Bug Bounty Program
Status Monitoring
Additional security practices: performance monitoring, accident management, and Rubic’s API & SDK Process Management.

Rubic’s Security Pillars

Performance Monitoring

To ensure the high performance of Rubic’s cross-chain tools, Rubic’s team utilizes Provider/Blockchain Monitoring Dashboard, scores providers for stuck transactions, daily volume, refunds, and checks out API live status. Rubic utilizes automated tools for monitoring social networks for any potential risks with bridges or chains. If any issues arise, we use direct channels of communication with all bridges and providers to react quickly.

Accident Management

If any critical issue arises with one of Rubic’s integrated providers/blockchains, Rubic’s platform as well as Rubic’s API/SDK continue to function by taking the following measures: All of Rubic’s integrators are immediately notified (via Discord, Telegram).

A compromised provider/bridge is paused in the smart contract and switched off for all integrators, whereas Rubic continues operating by redirecting transactions to other providers.
In case of any issues with Rubic’s API & SDK, Rubic takes the same actions — immediate notification of its integrators and switching off of the compromised provider/bridge. Rubic’s technical support is also ready to assist 24/7.

Rubic’s API & SDK Process Management

Continuous integration and collaboration with other projects allow Rubic to build up the most robust principles of testing, staging, and production environment. Seamless, fast, and secure API & SDK management is fulfilled by the following:

A code approval process includes the review of several developers and a release approval process includes the review of the Product Manager and QA.
The smart contracts are audited.
Rubic uses direct communication channels for updates (new version release updates, comments) to reduce the possibility of installing a compromised version.

Rubic is not just a platform enabling cross-chain swaps for individuals, but also a cross-chain toolkit for crypto projects, and all of these principles work for Rubic’s API & SDK integrators as well. Read in more detail how Rubic maintains security for its cross-chain swaps: https://cryptorubic.medium.com/how-rubic-provides-security-for-its-cross-chain-swaps-37d3a408afe7 Check out Rubic’s stats: https://dune.com/rubic/rubic-general-dashboard

Token Security Feature

Rubic App token selector has a special sign in front of every token. The sign shows whether the token is reliable, or if it could be a scam (as per the GoPlus database).

There are 4 categories of token reliability/ security:

The token is in the Go+ Trust List.
The token has no elements of concern.
The token code contains some low-risk elements of concern.
The token code contains some high-risk elements of concern.

You can click on a shield icon if you want to know more details about the token’s reliability. You’ll be transferred to the GoPlus page devoted to that particular token security status. GoPlus acts as a “security infrastructure” for Web3, providing open, permissionless, user-driven Security Services.

Bug Bounty Program

Rubic aims to operate as a secure, sustainable Cross-Chain Tech Aggregator that anyone can rely on to exchange and move cryptocurrencies across chains. In the interest of further security improvement, we launched the Rubic Bug Bounty Program with Immunefy. The program is focused on our smart contracts, with a primary interest in the prevention of user fund loss and the provision of protocol stability. We encourage anyone interested to review the code and find bugs or vulnerabilities which bad actors could exploit. The only eligible level is Critical, with a $25,000 maximum bounty.

Details:

Rubic’s Security Architecture: https://cryptorubic.medium.com/rubics-new-security-architecture-94115c6ad1f9

Last updated: June, 2026.

​Security History

​Rubic’s Security Principles

​Sustainability

​Decentralization

​Open-Source Softwar

​Grants

​Team

​Security Measures

​Rubic’s Security Pillars

​Performance Monitoring

​Accident Management

​Rubic’s API & SDK Process Management

​Token Security Feature

​Bug Bounty Program

​Details:

​Rubic’s Security Architecture: https://cryptorubic.medium.com/rubics-new-security-architecture-94115c6ad1f9