diff --git a/CHANGELOG.md b/CHANGELOG.md
index e1ef2201a..5be350148 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1994,7 +1994,7 @@ For more, see issues marked
 
 This release also includes a fix to prevent Tendermint from including the same
 piece of evidence in more than one block. This issue was reported by @chengwenxi in our
-[bug bounty program](https://hackerone.com/tendermint).
+[bug bounty program](https://hackerone.com/cosmos).
 
 ### BREAKING CHANGES:
 
@@ -2487,7 +2487,7 @@ Special thanks to external contributors on this release:
 @james-ray, @overbool, @phymbert, @Slamper, @Uzair1995, @yutianwu.
 
 Special thanks to @Slamper for a series of bug reports in our [bug bounty
-program](https://hackerone.com/tendermint) which are fixed in this release.
+program](https://hackerone.com/cosmos) which are fixed in this release.
 
 This release is primarily about adding Version fields to various data structures,
 optimizing consensus messages for signing and verification in
diff --git a/README.md b/README.md
index f0da8f484..7823d45c1 100644
--- a/README.md
+++ b/README.md
@@ -40,7 +40,7 @@ More on how releases are conducted can be found [here](./RELEASES.md).
 ## Security
 
 To report a security vulnerability, see our [bug bounty
-program](https://hackerone.com/tendermint). 
+program](https://hackerone.com/cosmos). 
 For examples of the kinds of bugs we're looking for, see [our security policy](SECURITY.md).
 
 We also maintain a dedicated mailing list for security updates. We will only ever use this mailing list
diff --git a/SECURITY.md b/SECURITY.md
index 57d13e565..133e993c4 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -4,7 +4,7 @@
 
 As part of our [Coordinated Vulnerability Disclosure
 Policy](https://tendermint.com/security), we operate a [bug
-bounty](https://hackerone.com/tendermint).
+bounty](https://hackerone.com/cosmos).
 See the policy for more details on submissions and rewards, and see "Example Vulnerabilities" (below) for examples of the kinds of bugs we're most interested in.
 
 ### Guidelines
@@ -86,7 +86,7 @@ If you are running older versions of Tendermint Core, we encourage you to upgrad
 
 ## Scope
 
-The full scope of our bug bounty program is outlined on our [Hacker One program page](https://hackerone.com/tendermint). Please also note that, in the interest of the safety of our users and staff, a few things are explicitly excluded from scope:
+The full scope of our bug bounty program is outlined on our [Hacker One program page](https://hackerone.com/cosmos). Please also note that, in the interest of the safety of our users and staff, a few things are explicitly excluded from scope:
 
 * Any third-party services
 * Findings from physical testing, such as office access