Reporting Security Vulnerabilities
We take security seriously at Muun. If you discover a security vulnerability, please report it to us responsibly.Contact Information
Send us an email to report any security related bugs or vulnerabilities:Security Contact
Encrypted Communication
You can encrypt your email message using our public PGP key.PGP Key Details
What to Include
When reporting a security vulnerability, please include:- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact of the vulnerability
- Any suggested fixes (if applicable)
- Your contact information for follow-up questions
Our Commitment
When you report a security issue to us, we commit to:- Acknowledge receipt of your vulnerability report
- Provide an estimated timeline for addressing the vulnerability
- Notify you when the vulnerability has been fixed
- Credit you for the discovery (if desired)
Scope
This responsible disclosure policy applies to:- Muun Android wallet
- Muun iOS wallet
- Muun backend services
- Any other Muun infrastructure
Please Do Not
- Disclose the vulnerability publicly before we’ve had a chance to address it
- Access or modify user data without permission
- Perform testing that could degrade the service for other users
- Use social engineering or physical attacks against Muun employees or infrastructure
Additional Security Resources
Source Code
Review the Android wallet source code
Build Instructions
Learn how to build and audit the wallet