We value responsible disclosure and the researchers who help keep Oko secure.

• main (upcoming release)
• Latest stable release (older minors for critical issues at maintainers’ discretion)

• Email security@keplr.app
• Or open a private GitHub Security Advisory: Security → Advisories → Report a vulnerability

Include a short description, impact, affected versions, and reproduction steps if possible. Please avoid opening public issues.

• We practice coordinated disclosure and credit reporters unless anonymity is requested.
• No monetary bounty program is offered.
• Out of scope: social engineering, volumetric DoS, issues in unsupported third-party software, or findings requiring privileged/local access beyond our threat model.

Thanks for helping protect the Oko community.