Reporting a security vulnerability

Protecting the clients of Cy Creek Bank is our top priority, and we welcome the contributions of independent security professionals to assist us in our goal. If you believe that you have found a security vulnerability, please report it via email to security@go2cycreek.com

Reports may be submitted anonymously. We may not respond to every report. For all other inquiries unrelated to security vulnerabilities, please contact us via our contact form

For particularly sensitive information, please make initial contact through the method above, and we will work with you to establish a secure channel of communication. By submitting a vulnerability, you acknowledge that you have no expectation of payment related to your submission.

What is a Security Vulnerability?

A security vulnerability is a defect in a system, protocol, or service which can be exploited to cause unintended negative effects to the users of that system. These effects may include disclosure of information, alteration or destruction of data, or unavailability of the service itself. For examples of vulnerabilities, please refer to resources such as the OWASP Top 10.

Responsible Disclosure

Cy Creek Bank is committed to protecting our clients. As such, we are committed to the principles of coordinated disclosure. If you intend to disclose your findings publicly, we ask that you coordinate with us in advance, so that we may remediate any issues prior to their public release.

How to Report

In order to help us triage and investigate submissions, we recommend that your reports to security@go2cycreek.com contain:

  • The location of the vulnerability (URI, IP address, application)
  • A summary of the vulnerability and perceived impact
  • A detailed description of the steps needed to reproduce or exhibit the vulnerability
  • How the vulnerability was identified

Proof of concept scripts or screenshots are helpful, but not required.

logo
Platform
CustodyStakingTradingGovernanceAssets supported
Who we serve
ProtocolsRIAsRIAsVC firmsAsset managers
Company
AboutCareers
Contact us
Email
contact@go2cycreek.compress@go2cycreek.com

Cy Creek Bank does not provide legal, tax, or investment advice. Cy Creek Bank is not engaged in the business of the offer, sales, or trading of securities and is not registered with the SEC. Cy Creek Bank does not provide legal, tax, or investment advice.

Holdings of cryptocurrencies and other digital assets are speculative and involve a substantial degree of risk, including the risk of complete loss. There can be no assurance that any cryptocurrency, token, coin, or other crypto asset will be viable, liquid, or solvent. No Cy Creek Bank communication is intended to imply that any digital asset services are low-risk or risk-free. Cy Creek Bank endeavors to provide accurate information on this website, but cannot guarantee all content is correct, complete, or updated.

Digital assets held in custody are not guaranteed by Cy Creek Bank and are not subject to the insurance protections of the Federal Deposit Insurance Corporation ("FDIC") or the Securities Investor Protection Corporation ("SIPC").

© 2024 Cy Creek Bank - All rights reserved.
Privacy policy
T&C
Legal
Terms and disclosures