The Axie Infinity Offline project takes security seriously. As an offline application that handles no user data, our security focus is on:
- Application Security: Preventing malicious code execution
- Local Data Protection: Securing user's local game data
- Download Integrity: Ensuring safe and authentic releases
- Privacy Protection: Maintaining complete offline operation
We provide security updates for the following versions:
| Version | Supported |
|---|---|
| 2.1.x | β Actively supported |
| 2.0.x | β Security updates only |
| 1.9.x | β No longer supported |
| < 1.9 | β No longer supported |
If you discover a security vulnerability, please report it privately:
Email: [email protected]
PGP Key: Available on request
Response Time: Within 48 hours
Please provide as much information as possible:
- Description: Clear explanation of the vulnerability
- Impact: Potential security implications
- Reproduction: Steps to reproduce the issue
- Environment: Operating system, app version, etc.
- Proof of Concept: Code or screenshots (if applicable)
β Do NOT create public GitHub issues for security vulnerabilities
β Do NOT post security issues in Discord or forums
β Do NOT share exploits publicly before we've addressed them
- Code Signing: All releases are digitally signed
- Sandboxing: Application runs with minimal system permissions
- No Network Access: Complete offline operation prevents data leaks
- Local Storage: All data stored locally with user control
- Checksum Verification: SHA-256 hashes provided for all downloads
- Official Sources Only: Download only from GitHub releases or official mirrors
- Anti-Virus Scanning: All releases scanned before publication
- Reproducible Builds: Build process is transparent and verifiable
- No Telemetry: Zero data collection or analytics
- No External Calls: No connections to external servers
- Local Processing: All calculations performed locally
- User Control: Users own all their data
β Do:
- Download from official GitHub releases
- Verify file checksums before installation
- Use updated antivirus software
- Read release notes and changelog
β Don't:
- Download from unofficial sources
- Ignore antivirus warnings without investigation
- Run suspicious files even if they claim to be our app
- Share the application through unofficial channels
- Firewall: Application doesn't require internet access
- Permissions: Grant minimal required system permissions
- Updates: Keep the application updated to latest version
- Backups: Backup your team builds and game data regularly
- Acknowledgment: Confirm receipt within 48 hours
- Assessment: Evaluate severity and impact
- Development: Create and test security fix
- Coordination: Work with reporter on disclosure timeline
- Release: Deploy patch and security advisory
- Follow-up: Monitor for additional issues
- Critical Issues: Emergency patch within 24-72 hours
- High Severity: Patch within 1-2 weeks
- Medium/Low: Included in next regular release
We maintain a responsible disclosure program and recognize security researchers who help improve our security:
Security contributors will be listed here (with permission)
- Credit in security advisories
- Special mention in release notes
- Optional listing in security hall of fame
- Bug bounty consideration for significant findings
- Email: [email protected]
- Discord: Message @Security team members only
- Emergency: For critical issues affecting many users
All releases are signed with our PGP key:
Key ID: [KEY_ID]
Fingerprint: [FINGERPRINT]
# Verify release signature
gpg --verify axie-offline-v2.1.0.asc axie-offline-v2.1.0.zip
# Check file integrity
sha256sum -c axie-offline-v2.1.0.sha256- Download from official GitHub releases only
- Verify file checksums match published values
- Scan downloaded files with antivirus
- Read security advisories for your version
- Keep application updated to latest version
- Don't run other untrusted software simultaneously
- Monitor system performance for anomalies
- Backup game data regularly
- Stop using the application immediately
- Document any suspicious behavior
- Contact our security team
- Don't share potentially compromised data
- Local File Access: Application can read/write local files (by design)
- System Resources: Uses CPU/GPU for game calculations (normal)
- Memory Usage: Loads game assets into memory (expected behavior)
- High CPU usage during battles (intensive calculations)
- Local file creation for save data (required functionality)
- Memory usage for graphics assets (normal for games)
- Requests for graphics API access (required for rendering)
Remember: When in doubt about security, contact us privately before taking any action. We're here to help ensure everyone has a safe and secure gaming experience! π‘οΈ