Report an Issue
Thanks for helping keep PRC Wallet safe. Use this page to report security vulnerabilities, phishing/scams, or general bugs. We read every report.
We will never ask for your seed phrase, private key, or passphrase. If anyone does, it's a scam. Report to [email protected]
Choose Report Type
1) Security Vulnerability
Use this for flaws that could impact user funds, keys, privacy, or integrity.
Examples (in-scope):
private-key/seed exposure, signature spoofing, tx tampering, approval hijacking, auth/session flaws, RPC misuse enabling fund loss, privacy-bypass, supply-chain risks (update/signing).
Not in scope:
self-XSS, missing security headers without impact, rate-limit only, UI typos, outdated library with no exploit path, issues in third-party dApps not owned by PRC.
How to report:
Email [email protected] (optionally encrypt with PGP) or submit via the Security tab in the form.
2) Phishing / Brand Abuse
Fake sites, impostor apps, malicious socials, scam airdrops.
How to report:
Send URLs, screenshots, and any tx hashes to [email protected].
3) General Bug
Crashes, UI issues, connectivity errors, stuck tx UX, performance.
How to report:
Use the Bug Report form or email [email protected].
Our Commitment
Acknowledgement:
within 48 hours for security; 24�48h for general bugs.
Triage:
severity assessed within 5 business days (often sooner).
Fix & Updates:
we'll share status and target versions in /support/changelog.
Coordinated Disclosure:
we prefer to fix before public disclosure; we'll coordinate timelines with you.
Severity Guide (for triage)
remote key/seed compromise, unauthorized fund movement, supply-chain compromise.
signature spoofing, approval hijack, privacy leak enabling targeted theft.
privilege escalation, CSRF with meaningful impact, persistent spoofing UI.
click-jacking without impact, minor info leakage, UI/UX defects affecting clarity.
PGP Key (for Security Reports)
You can also find this in /.well-known/security.txt