Yes! We manage our bug and responsible disclosure program through cobalt.io. If you think you have found a security vulnerability, please let us know!
Click here to go to Circle's bug bounty page. (If you have never used cobalt.io before, you will need to create a free account. Cobalt.io was previously Crowd Curity so if you signed up previously you will not have to sign up again.)
Within 48 business hours, someone from our team will contact you through cobalt.io. Verified and previously-undisclosed issues will be awarded bounties as thanks for improving our service.