As promised, Mega has launched its vulnerability rewards program which offers cash to anyone that can break the site. Dotcom made some mentions of it, but there was little info so it was hard to tell just how serious or effective such a program would be. Mega has now explained it all in detail.
Mega accepts several types of bugs and vulnerabilities. Anything that has the potential to take over the site, run code on a user's machine via the site, or alter user keys and data qualifies.
There are several caveats though, for a bug to be recognized it can't rely on outdated browsers or plugins, compromised machines, phishing and so on.
If you do find a bug that could be exploited in Mega, all you have to do is contact the site and you may get up to €10,000, $13,600 depending on the severity of the bug.