Contact
How to reach us, by urgency.
If you are in the middle of an incident, skip everything else and email the on-call address. Otherwise pick the channel that matches your need.
Active incident on-call
Funds moving, key exposed, front-end serving malicious code, signer compromised.
›soc@0xcert.orgPaged 24/7. Initial response within 60 minutes.
Vulnerability disclosure
Researcher submitting a vulnerability for coordinated disclosure. PGP-encrypted submissions preferred.
›cert@0xcert.orgAcknowledged within 24h with a tracking ID.
General inquiries
Press, partnerships, speaking, training requests, or constituency questions.
›cert@0xcert.orgResponse within 2 business days.
Coordinating with another CERT
Cross-team incident coordination via FIRST, Trusted Introducer, or bilateral channels.
›cert@0xcert.orgWe are reachable via FIRST member channels — request inclusion in the relevant case room.
Secure channel
PGP public key.
Encrypt anything sensitive — exploit details, attacker addresses, signer compromise reports. Verify the fingerprint before use.
-----BEGIN PGP PUBLIC KEY BLOCK----- mQINBGgxXXXBEADx0xCERTpublickeyMATERIALplaceholder0xCERTpublickeyMA TERIALplaceholder0xCERTpublickeyMATERIALplaceholder0xCERTpublickey MATERIALplaceholder0xCERTpublickeyMATERIALplaceholder0xCERTpublic keyMATERIALplaceholder0xCERTpublickeyMATERIALplaceholder0xCERTpub ... (truncated — fetch full key from /pgp.asc) =0xCT -----END PGP PUBLIC KEY BLOCK-----
What to include
Give us enough to act.
- ›What happened, in one sentence (e.g. 'Bridge contract drained').
- ›Affected chain(s) and contract addresses.
- ›Transaction hash(es) — at minimum the attacker's first malicious tx.
- ›Whether funds are still moving and any estimated USD at risk.
- ›Whether you have already contacted exchanges, the project, or law enforcement.
- ›How you want to be reached for follow-up (email, Signal, etc.).