Electric Coin Company will announce any breaking security issues on this website’s Security Announcements page. We suggest all users of Zcash wallets and services read the Privacy & Security Recommendations page.
Security Issues and Audits
Each release contains a ./doc/security-warnings.md document describing security issues known to affect that release. You can find the most recent version of this document here. Zcash has been subjected to formal third-party security reviews. Audit reviews can be found in the Zcash Foundation and Electric Coin Company blogs.
The Zcash protocol has a system to issue security alerts. These will be sent to all nodes. In the event the Electric Coin Company website is down or hacked, please also check these twitter handles: @ElectricCoinCo, @zooko, and @least_nathan.
Report Security Vulnerabilities
Below are keys we use to sign the software in our package repository.
- Zcash Master Signing Key: zcash.asc
Key fingerprint = 3FE6 3B67 F85E A808 DE9B 880E 6DEF 3BAF 2727 66C0
- Zcash Security Key: security.asc
Key fingerprint = AF85 0445 546C 18B7 86F9 2C62 88FB 8B86 D8B5 A68C
- Developer Public Keys
- Nathan Wilcox: nathan.asc
- Key fingerprint = 01A2 20DF 0EA9 A42C 4EAE 6B1D ED41 7FBE 79C9 9E8C
- Daira Hopwood: daira.asc
- Key fingerprint = 3D6A 08E9 1262 3E9A 00B2 1BDC 067F 4920 98CF 2762
- Sean Bowe: sean.asc
- Key fingerprint = 0395 DE0A 5027 BE0C 1F5A FB03 9568 4257 D8F8 B031
- Jack Grigg: jack.asc
- Key fingerprint = 2253 E2A1 EEB4 0E2A 3D22 EB1D 0EC5 1FCD A94F B53E