Nexo's security team is excited to work with the community to make sure Nexo remains the most secure platform in the crypto space. If you have discovered security vulnerabilities anywhere in our services, we'll greatly appreciate your cooperation in disclosing them to us in a responsible manner, following the guidelines set out below.
Our primary focus is on vulnerabilities that:
When reporting vulnerabilities, please consider the attack exploitability and security impact of the bug. The following issues are considered out of scope:
Please email all reports to firstname.lastname@example.org. Include any steps required to reproduce or exploit the vulnerability. Please allow enough time for the vulnerability to be addressed before discussing any findings publicly. Once we receive your report, Nexo's security team will contact you with a timetable for implementing a fix.
All activities performed following these guidelines will be considered authorized conduct, and won't be followed by legal action against you. If a third party initiates legal action against you in connection with activities conducted under these guidelines, we will take steps to make it known that your actions were conducted in compliance with Nexo's policies.
Thank you for helping keep Nexo safe.
We want to give proper credit to the people who help us improve our services and protect the Nexo community. If you discover a significant vulnerability and report it following the guidelines above, we will add your name to our Wall of Fame. If you wish to keep your disclosure confidential, just let us know, and we won’t reveal your identity. If several parties report the same vulnerability before it is fixed, the acknowledgment will go to the first one to report the issue.