Responsible Disclosure

Coinomi values the work done by security researchers in improving the security of our products and service offerings. We are committed to working with the community to verify, reproduce, and respond to legitimate reported vulnerabilities. We encourage the community to participate in our responsible disclosure process.

If you are a security researcher and would like to report a vulnerability, please send an email to: [email protected]. Please provide your name, contact information, and company name (if applicable) with each report. Priority will be granted to encrypted reports; please include your PGP public key along with the report.

Download the Coinomi PGP key

Responsible Disclosure Guidelines

We will investigate legitimate reports and make every effort to quickly correct any confirmed vulnerability. To encourage responsible reporting, we commit that we will not take legal action against you or ask law enforcement to investigate you if you comply with the following Responsible Disclosure guidelines:

  1. Provide details of the vulnerability, including information needed to reproduce and validate the vulnerability and a Proof of Concept (POC).
  2. Make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our services.
  3. Do not modify or access data that does not belong to you.
  4. Give us a reasonable time to correct the issue before making any information public.
  5. We only accept reports for services provided exclusively by Coinomi and not by any third party.

We will make every effort to respond to your disclosure within 1-2 business days.

Disclosures that do not fully comply with the above guidelines will not be eligible for bounties or for any of the assurances described above.

Previously Disclosed Issues

| Researcher   | Type                  | Bounty    |
|--------------|-----------------------|-----------|
| Anonymous    | Android Configuration | $100.00   |
| Dmitry D.    | Backend Configuration | $150.00   |
| Anonymous    | Source Code Leakage   | $2,500.00 |
| Sajibe K.    | Website Configuration | $150.00   |
| Vadim Z.     | Android Configuration | $100.00   |
| atestpk      | Integration Issue     | $250.00   |
| Pratik Yadav | Android Configuration | $200.00   |