If you believe you have found a security issue, please submit the report to our security team via email to [email protected]. We accept vulnerability reports only at this address. This address can be used for all of Everstake products.
Please follow “Safe disclosure” and encrypt your message using our GPG key.
🔑 PGP key-id:
dc4086e9056c17234d62a44e302f408b14f95372
🔑 PGP fingerprint:
DC40 86E9 056C 1723 4D62 A44E 302F 408B 14F9 5372
The key is available at keyserver.
If you wish to encrypt your submission with our GPG key, please download it here.
Follow next vulnerability reporting guidelines
Please do not share the vulnerability information to third parties, without our express consent
Encrypt your message
Set meaningful email subject that reflects the issue
The report must provide as much detail as possible, including:
Valid reporter contact information.
Type of vulnerability (cross-site scripting, SQL injection, remote code execution, firewall misconfiguration, etc.)
Detailed description of the location and nature of the vulnerability with the timeline for the discovery.
Detailed steps to reproduce the vulnerability (screenshots or videos are always helpful), any PoC or exploit code.
The potential impact of the vulnerability (i.e. what data can be accessed or modified).
Mitigations or workarounds.
By submitting this form, you are acknowledging that you have read and agree to our Privacy Notice, which details how we collect and use your information.
SECURITY
RESOURCES
Everstake Validation Services LLC
Hermes Corporate Services Ltd., Fifth Floor, Zephyr House
122 Mary Street, George Town, P.O. Box 31493
Grand Cayman KY1-1206, Cayman Islands
Everstake, Inc. or any of its affiliates is a software platform that provides infrastructure tools and resources for users, but does not offer investment advice or investment opportunities, manage funds, facilitate collective investment schemes, provide financial services, or take custody of, or otherwise hold or manage, customer assets. Everstake, Inc. or any of its affiliates does not conduct any independent diligence on or substantive review of any blockchain asset, digital currency, cryptocurrency, or associated funds. Everstake, Inc., or any of its affiliates, providing technology services that allow a user to stake digital assets, does not endorse or recommend any digital assets. Users are fully and solely responsible for evaluating whether to stake digital assets. All metrics displayed on the website, including without limitations value of staked assets, total number of active users, rewards rates, and networks supported, are historical figures and may not represent the actual real-time data.
Copyright © 2026 Everstake