diff --git a/SUMMARY.md b/SUMMARY.md index c58ff269..377cd015 100644 --- a/SUMMARY.md +++ b/SUMMARY.md @@ -170,3 +170,5 @@ - [Exercise 2](./program-analysis/slither/exercise2.md) - [Exercise 3](./program-analysis/slither/exercise3.md) - [Resources](./resources/tob_blogposts.md) + - [Security contact](./resources/contact.md) + - [Blog posts](./resources/tob_blogposts.md) diff --git a/resources/README.md b/resources/README.md new file mode 100644 index 00000000..b1441c08 --- /dev/null +++ b/resources/README.md @@ -0,0 +1,6 @@ +# Ressources + +General ressources + +- [Security contact](./contact.md) +- [Blog posts](./tob_blogposts.md) diff --git a/resources/contact.md b/resources/contact.md new file mode 100644 index 00000000..15c16096 --- /dev/null +++ b/resources/contact.md @@ -0,0 +1,295 @@ +# Blockchain Security Contacts + +This page is a community-curated resource for contacting security teams. It identifies the best way to contact an organization's security team so that hackers can report vulnerabilities directly to the organizations that can resolve them. + +This document is a work in progress. We're happy to accept feedback, questions, or ideas for improvements. [File an issue](https://github.com/crytic/building-secure-contracts/issues/new) or [join us on Slack](https://slack.empirehacking.nyc/) to talk further. + +## Recommendations + +- Refer to [disclose.io](https://disclose.io/) for vulnerability disclosure program best practices +- Don't make researchers [agree to terms](https://twitter.com/matthew_d_green/status/1025365194330066945) to report security issues to you +- Create a security@ email address that delivers directly to your engineering team + +## Blockchains + +| Name | Contact | More info | +| ---------------- | ------------------------------------------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------- | --- | +| Aptos | security@aptoslabs.com | | | +| Arweave | team@arweave.org | | | +| Auroracoin | m.hannes@auroracoin.is | | | +| Bitcoin | security@bitcoincore.org | [Security page](https://bitcoincore.org/en/contact/) | +| Bitcoin Cash | | | +| Bitcoin Gold | admin@bitcoingold.org | [Disclosure policy](https://github.com/BTCGPU/dev/blob/master/responsible-disclosure.md) | +| Bitshares | contactbitshares@bitshares.org | | +| Bytecoin | contact@bytecoin.org | | +| Cloakcoin | anorak@cloakcoin.com | | | +| Decred | contact@decred.org | | +| DogeCoin | | | +| Edgeware | security@commonwealth.im | | | +| Ethereum | bounty@ethereum.org | [Bug bounty](https://bounty.ethereum.org/) | +| Ethereum Classic | security@etcdevteam.com | | +| Horizen | security@horizen.global | [Bug bounty](https://horizenofficial.atlassian.net/wiki/spaces/ZEN/pages/136871957/Bug+Bounty+Submission+Policy+and+Scope) | +| Hush | hushteam@protonmail.com | [Security Page](https://github.com/MyHush/hush/blob/master/doc/security.md) | +| ICON | hello@icon.foundation | | +| IOV | security@iov.one | | +| Komodo | security@komodoplatform.com | | +| Litecoin | contact@litecoin.org | | +| Nem | contact@nem.io | | +| Neo | contact@neo.org | | +| Monero | [Multiple](https://github.com/monero-project/meta/blob/master/VULNERABILITY_RESPONSE_PROCESS.md) | [Bug bounty](https://hackerone.com/monero) | +| Ontology | contact@ont.io | | +| POA Core | security@poanetwork.com | [Security page](https://forum.poa.network/c/general/security) | +| Ripple | bugs@ripple.com | [Bug bounty](https://ripple.com/bug-bounty/) | +| RSK | security@rsk.co | [Bug bounty](https://hackerone.com/iovlabs) | +| Sia | hello@sia.tech | | +| Steem | | | +| Tezos | security@tezos.com | [Bug bounty](https://tezos.foundation/security/security-policy-bug-bounty/) | +| Qtum | | | +| Quorum | quorum_info@jpmorgan.com | | +| VeChain | | | +| xDai Chain | security@poanetwork.com | [Security page](https://forum.poa.network/c/general/security) | +| ZCash | security@z.cash | [Security page](https://z.cash/support/security/) | + +## Decentralized Applications + +| Name | Deployed Addresses | Contact | More info | +| ------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------- | ---------------------------------------------------------------------------------------------------------- | +| 0x | | team@0xproject.com | [Bug bounty](https://0x.org/docs/developer-resources/bounties) | +| 1Hive | | | [Bug bounty](https://wiki.1hive.org/developers/security/bug-bounty) | +| AAVE | | security@aave.com | | +| Ampleforth | [External Reference](https://github.com/ampleforth/uFragments/blob/master/README.md) | dev-support@ampleforth.org | | +| Aragon | [External Reference](https://github.com/aragon/deployments/tree/master/environments/mainnet) | security@aragon.org | [Bug bounty](https://wiki.aragon.org/association/security/#smart-contract-bug-bounty) | +| Bamboo Relay | | dex@bamboorelay.com | | +| Bancor Network | | security@bancor.network | | +| BarterDEX Network | | security@komodoplatform.com | | +| Bloom | | team@bloom.co | | +| bZx | | security@bzx.network | | +| C-Layer | [External Reference](https://c-layer.org/) | security@c-layer.org | | +| Commonwealth.im | | security@commonwealth.im | | +| Compound Finance | | security@compound.finance | | +| Connext | | support@connext.network | | +| Cozy Finance | | security@cozy.finance | | +| Decentraland | | | [Bug bounty](https://decentraland.org/security/) | +| Decentralized Vulnerability Platform | | service@dvpnet.io | | +| Democracy Earth | | hello@democracy.earth | | +| Dharma | | security@dharma.io | | +| Erasure / Numerai | [External Reference](https://github.com/erasureprotocol/erasure-protocol) | security@numer.ai | | +| Ethfinex | | bounty@ethfinex.com | | +| Giveth | [External Reference](https://docs.giveth.io/dapps/developmentProcess/) | +| Idle Finance | [External Reference](https://developers.idle.finance/contracts-and-codebase) | security@idle.finance | | +| InstaDApp | [External Reference](https://github.com/InstaDApp/smart-contract) | info@instadapp.io | | +| Kleros | [External Reference](https://github.com/kleros/kleros/blob/master/auditor.md) | contact@kleros.io | [Bug bounty](https://github.com/kleros/kleros/blob/master/auditor.md#bounties) | +| Kyber Network | | hello@kyber.network | | +| LivePeer | [External Reference](https://github.com/livepeer/wiki/blob/master/Deployed-Contract-Addresses.md) | security@livepeer.org | | +| Melon | | security@melonport.com | | +| Nahmii | | security@hubii.com | | +| Nexus Mutual | | security@nexusmutual.io | | +| Raiden Network | | bounty@raiden.network | | +| Reimagined Finance | | security@reimagined.fi | | +| RenEx | | security@republicprotocol.com | | +| Sablier | [External Reference](https://github.com/sablierhq/sablier#contracts-memo) | hello@sablier.finance | | +| Sandclock | | security@sandclock.org | | +| Set Protocol | | security@setprotocol.com | [Bug bounty](https://medium.com/set-protocol/introducing-the-set-protocol-bug-bounty-program-5790f16d2b8c) | +| Solidified | | info@solidified.io | | +| Sovryn | [External Reference](https://github.com/DistributedCollective/Sovryn-smart-contracts/blob/development/scripts/contractInteraction/mainnet_contracts.json) | | [Bug bounty](https://immunefi.com/bounty/sovryn/) | +| Status.im | | security@status.im | [Bug bounty](https://gist.github.com/adambabik/7e1c9148610a64fbeb953eaf1b742456) | + +## Decentralized Exchanges (DEXs) + +| Name | Deployed Addresses | Contact | More info | +| --------- | ------------------------------------------------------------------------------------ | --------------------- | ---------------------------------------------------------------------------------------------------------------------------------------- | +| AirSwap | [Etherscan](https://etherscan.io/address/0x8fd3121013a07c57f0d69646e86e7a4880b467b7) | bounty@airswap.io | | +| DDEX | [Etherscan](https://etherscan.io/address/0x241e82c79452f51fbfc89fac6d912e021db1a3b7) | security@ddex.io | | +| Enclaves | | contact@enclaves.io | | +| Leverj | [Custodian](https://etherscan.io/address/0xCE00901a0638d758D6f89d59dFa32120D2259B0C) | info@leverj.io | leverj.io | +| Orderbook | [Etherscan](https://etherscan.io/address/0xb3ec0d352c7935dd2663eafab4c99be6508df9af) | security@orderbook.io | [Instruction](https://help.orderbook.io/security-and-account-protection/how-to-report-a-bug-or-security-vulnerability-to-orderbook-team) | +| Synthetix | | security@synthetix.io | | +| UniSwap | | contact@uniswap.io | | + +## ERC20 Tokens + +| Name | Ticker | Mainnet Address | Contact | More info | +| ---------------------- | --------------- | ------------------------------------------------------------------------------------------------------------- | ------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------- | --- | +| Aelf | ELF | [Etherscan](https://etherscan.io/token/0xbf2179859fc6d5bee9bf9158632dc51678a4100e) | contact@aelf.io | | +| Aeternity | AE | [Etherscan](https://etherscan.io/token/0x5ca9a71b1d01849c0a95490cc00559717fcf0d1d) | info@aeternity.com | | +| Aion | AION | [Etherscan](https://etherscan.io/token/0x4CEdA7906a5Ed2179785Cd3A40A69ee8bc99C466) | hello@aion.network | | +| AirSwap | AST | [Etherscan](https://etherscan.io/token/0x27054b13b1b798b345b591a4d22e6562d47ea75a) | bounty@airswap.io | [Bug bounty](https://medium.com/fluidity/smart-contracts-and-bug-bounty-ad75733eb53f) | +| Ampleforth | AMPL | [Etherscan](https://etherscan.io/token/0xd46ba6d942050d489dbd938a2c909a5d5039a161) | dev-support@ampleforth.org | | +| Aragon | ANT | [Etherscan](https://etherscan.io/token/0x960b236A07cf122663c4303350609A66A7B288C0) | security@aragon.org | [Bug bounty](https://wiki.aragon.org/dev/bug_bounty/) | +| Augur | REP | [Etherscan](https://etherscan.io/token/0x1985365e9f78359a9B6AD760e32412f4a445E862) | bounty@augur.net | | +| Aurora | AOA | [Etherscan](https://etherscan.io/token/0x9ab165d795019b6d8b3e971dda91071421305e5a) | info@aurorachain.io | | +| Bancor | BNT | [Etherscan](https://etherscan.io/token/0x1f573d6fb3f13d689ff844b4ce37794d79a7ff1c) | contact@bancor.network | | +| Banker Token | BNK | [Etherscan](https://etherscan.io/token/0xc80c5e40220172b36adee2c951f26f2a577810c5) | technical@bankera.com | | +| Basic Attention Token | BAT | | security@brave.com | [Bug bounty](https://hackerone.com/brave) | +| Bibox Token | BIX | [Etherscan](https://etherscan.io/token/0xb3104b4b9da82025e8b9f8fb28b3553ce2f67069) | | | +| Binance Coin | BNB | [Etherscan](https://etherscan.io/token/0xB8c77482e45F1F44dE1745F52C74426C631bDD52) | security@binance.com | [Bug Bounty](https://www.bugcrowd.com/binance) | +| Bloom | BLT | [Etherscan](https://etherscan.io/token/0x107c4504cd79c5d2696ea0030a8dd4e92601b82e) | team@bloom.co | | +| Brickblock | BBK | [Etherscan](https://etherscan.io/token/0x4a6058666cf1057eac3cd3a5a614620547559fc9) | security@brickblock.io | | +| Bytom | BTM | [Etherscan](https://etherscan.io/token/0xcb97e65f07da24d46bcdd078ebebd7c6e6e3d750) | contact@bytom.io | | +| ChainLink | LINK | [Etherscan](https://etherscan.io/token/0x514910771af9ca656af840dff83e8264ecf986ca) | security@chain.link | | +| CyberMiles | CMT | [Etherscan](https://etherscan.io/token/0xf85feea2fdd81d51177f6b8f35f0e6734ce45f5f) | contact@cybermiles.io | | +| Dai | DAI | [Etherscan](https://etherscan.io/token/0x89d24a6b4ccb1b6faa2625fe562bdd9a23260359) | infosec@makerdao.com | | +| Decentraland | MANA | [Etherscan](https://etherscan.io/token/0x0f5d2fb29fb7d3cfee444a200298f468908cc942) | hello@decentraland.org | | +| DentaCoin | DCN | [Etherscan](https://etherscan.io/token/0x08d32b0da63e2C3bcF8019c9c5d849d7a9d791e6) | founder@dentacoin.com | | +| DigixDAO | DGD | | | | +| Dropil | DROP | [Etherscan](https://etherscan.io/token/0x4672bad527107471cb5067a887f4656d585a8a31) | support@dropil.com | | +| EToken Assets | | | security@ambisafe.com | Many tokens are issued with EToken | +| Dynamic Trading Rights | DTR | [Etherscan](https://etherscan.io/token/0xd234bf2410a0009df9c3c63b610c09738f18ccd7) | security@tokens.net | | +| FEE Token | FEE | [Etherscan](https://etherscan.io/token/0xffe4a5a685efc53f45bf50f3dab45ded1b028134) | info@leverj.io | | +| FunFair | FUN | [Etherscan](https://etherscan.io/token/0x419d0d8bdd9af5e606ae2232ed285aff190e711b) | info@funfair.io | | +| Gnosis | GNO | [Etherscan](https://etherscan.io/token/0x6810e776880c02933d47db1b9fc05908e5386b96) | info@gnosis.pm | | +| Golem | GNT | [Etherscan](https://etherscan.io/token/0xa74476443119A942dE498590Fe1f2454d7D4aC0d) | contact@golem.network | | +| Holo | HOT | [Etherscan](https://etherscan.io/token/0x6c6ee5e31d828de241282b9606c8e98ea48526e2) | info@holo.host | | +| Hubiits | HBT | [Etherscan](https://etherscan.io/token/0xdd6c68bb32462e01705011a4e2ad1a60740f217f) | security@hubii.com | | +| Immutable X | IMX | [Etherscan](https://etherscan.io/token/0xf57e7e7c23978c3caec3c3548e3d615c346e79ff) | security@immutable.com | | +| IOST | IOST | [Etherscan](https://etherscan.io/token/0xfa1a856cfa3409cfa145fa4e20eb270df3eb21ab) | team@iost.io | | +| Jigstack | STAK | [Etherscan](https://etherscan.io/token/0x1f8a626883d7724dbd59ef51cbd4bf1cf2016d13) | hello@jigstack.org | | +| Kin | KIN | [Etherscan](https://etherscan.io/token/0x818fc6c2ec5986bc6e2cbf00939d90556ab12ce5) | | | +| KuCoin Shares | KCS | [Etherscan](https://etherscan.io/token/0x039b5649a59967e3e936d7471f9c3700100ee1ab) | support@kucoin.com | | +| Kyber Network | KNC | [Etherscan](https://etherscan.io/token/0xdd974d5c2e2928dea5f71b9825b8b646686bd200) | hello@kyber.network | | +| Ledgerium | LGUM | [Etherscan](https://etherscan.io/token/0x84136c48d0ed75c384d0e9b04745f0208561a5b9) | security@ledgerium.net | | +| Leverj | LEV | [Etherscan](https://etherscan.io/token/0x0f4ca92660efad97a9a70cb0fe969c755439772c) | info@leverj.io | | +| Loopring | LRC | [Etherscan](https://etherscan.io/token/0xef68e7c694f40c8202821edf525de3782458639f) | bounty@loopring.org | [Bug bounty](https://medium.com/loopring-protocol/bug-and-optimization-bounty-for-smart-contracts-c2c855f3a748) | +| Loom Network | LOOM | [Etherscan](https://etherscan.io/token/0xa4e8c3ec456107ea67d3075bf9e3df3a75823db0) | security@loomx.io | | +| Mainframe | MFT | [Etherscan](https://etherscan.io/token/0xdf2c7238198ad8b389666574f2d8bc411a4b7428) | security@mainframe.com | | +| Maker | MKR | [Etherscan](https://etherscan.io/token/0x9f8f72aa9304c8b593d555f12ef6589cc3a579a2) | | | +| Melon Token | MLN | | security@melonport.com | | +| Monaco | MCO | [Etherscan](https://etherscan.io/token/0xb63b606ac810a52cca15e44bb630fd42d8d1d83d) | contact@mco.crypto.com | | +| Mithril | MITH | [Etherscan](https://etherscan.io/token/0x3893b9422cd5d70a81edeffe3d5a1c6a978310bb) | | | +| Mixin | XIN | [Etherscan](https://etherscan.io/token/0xa974c709cfb4566686553a20790685a47aceaa33) | contact@mixin.one | | +| MUI Token | MUI | [Etherscan](https://etherscan.io/token/0x35321c78a48dd9ace94c8e060a4fc279a3a2d9fc) | wallet@sovereignwallet.network | | +| Nahmii | NII | [Etherscan](https://etherscan.io/token/0xac4f2f204b38390b92d0540908447d5ed352799a) | security@hubii.com | | +| Nectar | NEC | [Etherscan](https://etherscan.io/token/0xcc80c051057b774cd75067dc48f8987c4eb97a5e) | bounty@ethfinex.com | | +| NuCypher | NU | | security@nucypher.com | | +| Nuls | NULS | [Etherscan](https://etherscan.io/token/0xb91318f35bdb262e9423bc7c7c2a3a93dd93c92c) | hi@nuls.io | | +| Numeraire | NMR | [Etherscan](https://etherscan.io/address/0x1776e1f26f98b1a5df9cd347953a26dd3cb46671) | security@numer.ai | | +| ODEM | ODEM | [Etherscan](https://etherscan.io/token/0xbf52f2ab39e26e0951d2a02b49b7702abe30406a) | info@odem.io | | +| OmiseGO | OMG | [Etherscan](https://etherscan.io/token/0xd26114cd6EE289AccF82350c8d8487fedB8A0C07) | | | +| Orderbook BTC | OBTC | [Etherscan](https://etherscan.io/token/0x76ed39003c6ca656c1f5e5e2524eff03feeb6bfc) | security@orderbook.io | [Instructions](https://help.orderbook.io/security-and-account-protection/how-to-report-a-bug-or-security-vulnerability-to-orderbook-team) | +| Orderbook USD | OUSD | [Etherscan](https://etherscan.io/token/0xca075cf7496d7fee464ceb98ccfbd3b6408bdf63) | security@orderbook.io | [Instructions](https://help.orderbook.io/security-and-account-protection/how-to-report-a-bug-or-security-vulnerability-to-orderbook-team) | +| Paypex | PAYX | [Etherscan](https://etherscan.io/token/0x62a56a4a2ef4d355d34d10fbf837e747504d38d4) | contact@paypex.org | | +| POA20 Bridge | POA20 | [Etherscan](https://etherscan.io/token/0x6758b7d441a9739b98552b373703d8d3d14f9e62) | security@poanetwork.com | [Security page](https://forum.poa.network/c/general/security) | +| PolySwarm | NCT | [Etherscan](https://etherscan.io/token/0x9e46a38f5daabe8683e10793b06749eef7d733d1) | security@polyswarm.io | [Security page](https://polyswarm.io/security/) | +| Polymath | POLY | [Etherscan](https://etherscan.io/token/0x9992ec3cf6a55b00978cddf2b27bc6882d88d1ec) | support@polymath.zendesk.com | [Bug bounty](https://developers.polymath.network/docs/doc2.html) | +| Populous | PPT | [Etherscan](https://etherscan.io/token/0xd4fa1460f537bb9085d22c7bccb5dd450ef28e3a) | info@populous.co | | +| Power Ledger | POWR | [Etherscan](https://etherscan.io/token/0x595832f8fc6bf59c85c527fec3740a1b7a361269) | support@powerledger.io | | +| Pundi X | NPXS | [Etherscan](https://etherscan.io/token/0xa15c7ebe1f07caf6bff097d8a589fb8ac49ae5b3) | contact@pundix.com | | +| QASH | QASH | [Etherscan](https://etherscan.io/token/0x618e75ac90b12c6049ba3b27f5d5f8651b0037f6) | | | +| Quantstamp | QSP | [Etherscan](https://etherscan.io/token/0x99ea4db9ee77acd40b119bd1dc4e33e1c070b80d) | security@quantstamp.com | | +| RChain | RHOC | [Etherscan](https://etherscan.io/token/0x168296bb09e24a88805cb9c33356536b980d3fc5) | | | +| Ren | REN | [Etherscan](https://etherscan.io/address/0x408e41876cccdc0f92210600ef50372656052a38) | | | +| Sai | SAI | [Etherscan](https://etherscan.io/token/0x59adcf176ed2f6788a41b8ea4c4904518e62b6a4) | | | | +| Salt | SALT | [Etherscan](https://etherscan.io/token/0x4156D3342D5c385a87D264F90653733592000581) | salt_security@saltlending.com | | +| SelfKey | KEY | [Etherscan](https://etherscan.io/token/0x4cc19356f2d37338b9802aa8e8fc58b0373296e7) | help@selfkey.org | | | +| SpankChain | SPANK | [Etherscan](https://etherscan.io/token/0x42d6622dece394b54999fbd73d108123806f6a18) | security@spankchain.com | | +| Synthetix | SNX | [Proxy](https://contracts.synthetix.io/ProxySynthetix) [Underlying](https://contracts.synthetix.io/Synthetix) | security@synthetix.io | | +| Synths (all flavors) | sUSD, sETH, etc | [Proxy sUSD](https://contracts.synthetix.io/ProxysUSD) | security@synthetix.io | | +| Status | SNT | [Etherscan](https://etherscan.io/token/0x744d70fdbe2ba4cf95131626614a1763df805b9e) | security@status.im | | +| Storj | STORJ | [Etherscan](https://etherscan.io/token/0xb64ef51c888972c908cfacf59b47c1afbc0ab8ac) | hello@storj.io | | +| Tellor | TRB | [Etherscan](https://etherscan.io/address/0x88dF592F8eb5D7Bd38bFeF7dEb0fBc02cf3778a0) | info@tellor.io | | +| TenX | PAY | [Etherscan](https://etherscan.io/token/0xB97048628DB6B661D4C2aA833e95Dbe1A905B280) | team@tenx.tech | | +| Tether | USDT | [Etherscan](https://etherscan.io/token/0xdac17f958d2ee523a2206206994597c13d831ec7) | security@tether.to , security@bitfinex.com | | +| TrueUSD | TUSD | [Etherscan](https://etherscan.io/token/0x8dd5fbce2f6a956c3022ba3663759011dd51e73e) | hello@trusttoken.com | | +| USDCoin | USDC | [Etherscan](https://etherscan.io/token/0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48) | usdc-security@circle.com | | +| Veritaseum | VERI | [Etherscan](https://etherscan.io/token/0x8f3470A7388c05eE4e7AF3d01D8C722b0FF52374) | | | +| Waltonchain | WTC | [Etherscan](https://etherscan.io/token/0xb7cb1c96db6b22b0d3d9536e0108d062bd488f74) | info@waltonchain.org | | +| WAX | WAX | [Etherscan](https://etherscan.io/token/0x39bb259f66e1c59d5abef88375979b4d20d98022) | support@wax.io | | +| Zilliqa | ZIL | [Etherscan](https://etherscan.io/token/0x05f4a42e251f2d52b8ed15e9fedaacfcef1fad27) | security@zilliqa.com | | + +## ERC721 Tokens + +| Name | Mainnet Address | Contact | More Info | +| --------------------- | ---------------------------------------------------------------------------------- | ---------------------- | --------- | +| CryptoKitties (CK) | [Etherscan](https://etherscan.io/token/0x06012c8cf97bead5deae237070f9587f8e7a266d) | | | +| Gods Unchained (GODS) | [Etherscan](https://etherscan.io/token/0x6EbeAf8e8E946F0716E6533A6f2cefc83f60e8Ab) | security@immutable.com | | + +## Exchanges + +| Name | Contact | More Info | +| ---------------- | ----------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | +| A1 Exchange | contact@a1.exchange | | +| BCEX | business@bcex.top, service@bcex.top | | +| Bankera Exchange | technical@bankera.com | | +| Bibox | support@bibox.zendesk.com | | +| Binance | security@binance.com | [Bug Bounty](https://www.bugcrowd.com/binance) | +| Bitaccess | security@bitaccess.ca | [Bug bounty](https://hackerone.com/bitaccess) | +| Bittrex | security-reports@bittrex.com | | +| Bit-Z | safe@bit-z.pro | | +| Bitfinex | security@bitfinex.com | | +| bitFlyer | security@bitflyer.com | | +| Bitforex | support@bitforex.com, report@bitforex.com | | +| Bitso | security@bitso.com | | +| Bitstamp | security@bitstamp.net | | +| BitMEX | support@bitmex.com | [Security page](https://www.bitmex.com/app/security) | +| Blockchain | security@blockchain.com | [Bug bounty](https://hackerone.com/blockchain) | +| Coinbase | | [Bug bounty](https://hackerone.com/coinbase) | +| Coinbene | support@coinbene.com | | +| Coinbit | cs@coinbit.co.kr | | +| CoinExchange | support@coinexchange.io | | +| Coinfinity | security@coinfinity.co | [Security page](https://coinfinity.co/responsible-disclosure/) | +| Coinify | security@coinify.com | | +| Coinsquare | security@coinsquare.com | | +| Coinsuper | customer.support@coinsuper.com | | +| CoinSwitch | security@coinswitch.co | | +| CryptoFacilities | contact@cryptofacilities.com | | +| Digifinex | support@digifinex.com | | +| DOBI | service@dobitrade.com | | +| Ethfinex | security@ethfinex.com | | +| Exmo | admin@exmo.com | | +| EXX | support@exx.com | | +| Faa.st | security@faa.st | [Bug bounty](https://hackerone.com/bitaccess) | +| Gemini Trust | security@gemini.com | | +| HitBTC | relations@hitbtc.com, legal@hitbtc.com | | +| Huobi Global | sec@huobi.com | +| ICONOMI | security@iconomi.com | | +| IDAX | service@idax.mn | | +| Kraken | bugbounty@kraken.com | | +| Leverj | info@leverj.io | leverj.io | +| Lopeer | support@lopeer.com | lopeer.com | +| OKEx | support@okex.com, lawenforcement@okex.com | | +| Orderbook | security@orderbook.io | [Instructions](https://help.orderbook.io/security-and-account-protection/how-to-report-a-bug-or-security-vulnerability-to-orderbook-team) | +| Poloniex | poloniex-security@circle.com | | +| qTrade.io | security@qtrade.io | | +| QuadrigaCX | security@quadrigacx.com | | +| SFOX | security@sfox.com | [Bug Bounty](https://my.cesppa.com/#/programs/tY5GTkif2Gkz5DbU76GRz7) | +| ShapeShift | security@shapeshift.io | | +| SpectroCoin | technical@spectrocoin.com | [Bug bounty](https://spectrocoin.com/en/bug-bounty.html) | +| Trade.io | security@trade.io | | +| Tokens | security@tokens.net | | +| ZBG | sp@zbg.com | | + +## Infrastructure + +| Name | Contact | More Info | +| ------------------- | ---------------------- | --------------------------------------------------------------------- | +| Ambisafe SaaS | security@ambisafe.com | | +| Etherscan | | | +| GasTracker | splix@gastracker.io | | +| Infura | security@infura.io | | +| PegaSys | security@pegasys.tech | For Pantheon, Orion, and Artemis: Ethereum 1.0/2.0/EEA clients | +| SafeBlocks Firewall | support@safeblocks.io | | +| Upvest | security@upvest.co | | +| QuikNode | info@quiknode.io | | +| Vyper | security@vyperlang.org | [Security Policy](https://github.com/vyperlang/vyper/security/policy) | + +## Wallets + +| Name | Contact | More info | +| --------------------- | ------------------------------ | --------------------------------------------------- | +| Ambisafe CryptoWallet | security@ambisafe.com | | +| Arkane | info@arkane.network | | +| Blockchain | security@blockchain.com | [Bug bounty](https://hackerone.com/blockchain) | +| BitGo | secteam@bitgo.com | | +| Emerald Wallet | security@etcdevteam.com | | +| Groundhog | security@groundhog.network | | +| KeepKey | security@shapeshift.io | | +| Ledger | security@ledger.fr | [Bug bounty](https://www.ledger.fr/bounty-program/) | +| MetaMask | security@metamask.io | [Bug bounty](https://metamask.io/security) | +| MyCrypto | security@mycrypto.com | [Disclosure Program](https://security.mycrypto.com) | +| MyEtherWallet | security@myetherwallet.com | [Bug bounty](https://hackerone.com/myetherwallet) | +| Parity | bugbounty@parity.io | [Bug bounty](https://paritytech.io/bug-bounty/) | +| SelfKey | help@selfkey.org | | +| SovereignWallet | wallet@sovereignwallet.network | | +| Trustwallet | support@trustwalletapp.com | | +| Unchained Capital | secure@unchained-capital.com | | +| Upvest | security@upvest.co | |