Electric Coin Company will announce any breaking security issues on this website’s Security Announcements page. We suggest all users of Zcash wallets and services read our Privacy & Security Recommendations page.
Security Audit
Zcash has been subjected to formal third-party security reviews. See our Zcash Audit Results blog for further details on these reviews.
Known Security Issues
Each release contains a ./doc/security-warnings.md document describing security issues known to affect that release. You can find the most recent version of this document here: https://github.com/zcash/zcash/blob/master/doc/security-warnings.md
Note that this link points to the “in development” version of the file, so it may have more recent findings than the version released with your software. (It might also have issues that are only relevant for the upcoming release which don’t affect the current release or older software.)
What if Electric Coin Company gets hacked?
In the event the Electric Coin Company website is down or hacked, please also check these twitter handles: @ZcashCo, @zooko, and @least_nathan. The Zcash protocol has an alert system and currently a small set of people working for Electric Coin Company control the keys to issue alerts. These will be sent to all nodes.
What if Electric Coin Company turns evil?
If we are sufficiently hacked, or if we collectively turn evil, the above resources will not be sufficient to protect you. Luckily, the Zcash network is growing into a larger and more resilient community beyond Electric Coin Company itself. If you suspect that the company has been compromised, please also check other community resources unrelated to Electric Coin Company.
Report Security Vulnerabilities
Contact [email protected] (security.asc) to submit security vulnerabilities or for sensitive discussions with our security team. Key fingerprint = AF85 0445 546C 18B7 86F9 2C62 88FB 8B86 D8B5 A68C