stake now
  1. home
  2. / report vulnerability
reporting security issues
If you believe you have found a security issue, please submit the report to our security team via email to security@everstake.one. We accept vulnerability reports only at this address. This address can be used for all of Everstake products.
Please follow “Safe disclosure” and encrypt your message using our GPG key.
report now
🔑 PGP key-id:
dc4086e9056c17234d62a44e302f408b14f95372
🔑 PGP fingerprint:
DC40 86E9 056C 1723 4D62 A44E 302F 408B 14F9 5372
The key is available at keyserver.
If you wish to encrypt your submission with our GPG key, please download it here.
Follow next vulnerability reporting guidelines
  • Please do not share the vulnerability information to third parties, without our express consent
  • Encrypt your message
  • Set meaningful email subject that reflects the issue
The report must provide as much detail as possible, including:
  • Valid reporter contact information.
  • Type of vulnerability (cross-site scripting, SQL injection, remote code execution, firewall misconfiguration, etc.)
  • Detailed description of the location and nature of the vulnerability with the timeline for the discovery.
  • Detailed steps to reproduce the vulnerability (screenshots or videos are always helpful), any PoC or exploit code.
  • The potential impact of the vulnerability (i.e. what data can be accessed or modified).
  • Mitigations or workarounds.

Contact us

Have questions?
We’re always there to answer!

Our distributed team of 20+ community managers is online 24/7 and is ready to assist you.