NetCoin Securitytrust center, wallet safety, release verification, and disclosure
trust center

Security is part of the product.

Wallet safety, API hardening, release verification, responsible disclosure, and known limitations live here.

Security snapshot

HTTPSRequired for hosted wallet encryption.
Non-custodialKeys stay in the browser/local wallet.
Manual payoutsOperator review before payout broadcasting.

Wallet safety

  • Never share recovery phrases or private keys.
  • Verify the domain before importing keys.
  • Use backup verification before storing value.
  • Lock the wallet on shared computers.

Release verification

Release packages should include SHA256 checksums and signatures. Verify downloads before running node software.

Disclosure

Report vulnerabilities privately. Do not post exploit details, private keys, or live credentials in public community posts.

API security checklist

  • Rate limits on write endpoints.
  • Input validation and size limits.
  • Webhook HMAC verification.
  • Admin auth and audit logs.

API hardening priorities

  • Rate limits on write endpoints.
  • Input validation and request size limits.
  • Webhook HMAC verification.
  • Audit logs for operator actions.
  • CORS and CSRF controls for browser forms.

Browser security headers

  • Content-Security-Policy.
  • X-Content-Type-Options.
  • Referrer-Policy.
  • Permissions-Policy.
  • HSTS after HTTPS is stable.

Account security

Merchant, moderation, and admin accounts should move toward passkeys/WebAuthn. Wallet private keys remain non-custodial and are not stored by accounts.

NetCoin is public testnet/demo software. Never share private keys or seed phrases.