Reporting a security issue

If you discover a security vulnerability in Coinrule, email [email protected] with a description, reproduction steps, and any proof-of-concept materials. This article covers what qualifies as a security issue, what information to include, and what to expect after submitting a report.

How to report

Email [email protected] with a description of the issue. Please include:

• A clear description of the vulnerability
• Steps to reproduce
• Potential impact
• Any proof-of-concept code or screenshots (if applicable)

We treat all security reports as confidential.

What to report

• Authentication or authorisation bypasses
• Data exposure or information leakage
• Injection vulnerabilities (SQL, command, etc.)
• Credential exposure paths
• Any issue that could affect user funds or account access

What not to report via this channel

• Product bugs or feature requests — use [email protected] or the in-app feedback
• Exchange-side vulnerabilities — report those to the exchange directly

What happens after you report?

We aim to acknowledge security reports promptly and keep reporters informed of our progress. We do not have a formal public bug-bounty programme at this time.