Two main ways to responsibly report security issues privately:
- (preferred) if you have a GitHub account, use the built-in "Report a vulnerability" flow, or
- you can send an email to the addresses listed below. (Not for support. Support requests will be ignored.)
If using email, please send any report to all emails listed here.
| Name | GPG fingerprint | |
|---|---|---|
| ThomasV | thomasv [AT] electrum [DOT] org | 6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6 |
| SomberNight | somber.night [AT] protonmail [DOT] com | 4AD6 4339 DFA0 5E20 B3F6 AD51 E7B7 48CD AF5E 5ED9 |
These GPG public keys can be found in the Electrum git repository,
in the top-level pubkeys folder.