This bug bounty program covers code within the OneKey repositories that directly impacts the security of OneKey products and users.
All vulnerability reports must be submitted through one of the following channels:
- Private disclosure: Send an email to security@onekey.so — recommended for high-severity vulnerabilities. Private submissions remain fully eligible for bounties.
- BugRap Platform: Submit through our official page on BugRap.
Please visit bugrap bounty policy or security.md in repo for more details.