About

A CERT for the open ledger.

Public blockchains process trillions in value with no help desk and no coordinated response function. 0xCERT fills that gap — independent of any chain, foundation, or vendor.

What is a blockchain CERT?

A Computer Emergency Response Team (CERT) is a coordinated group of analysts and operators that handles security incidents on behalf of a defined constituency. The concept was created in 1988 after the Morris worm. Today every major country, network, and software vendor has one.

Public blockchains do not. Smart contracts execute irrevocably, attackers control funds the instant a transaction confirms, and every chain has its own governance, validator set, and off-ramps. When something goes wrong, the project team itself becomes the first responder — usually for the first time in their lives, at three in the morning, while their treasury is being drained.

A blockchain CERT does what every other CERT does — triage, coordinate, advise, archive — adapted to a world where the network is the adversary's execution environment, and the ledger is the crime scene.

Constituency

Who 0xCERT serves.

Our constituency is anyone affected by a blockchain security incident. In practice that means five overlapping groups, each with its own urgency profile.

Protocol & dApp Teams

DeFi, NFT, gaming, identity, and infrastructure projects deploying smart contracts on public chains.

Bridges & Cross-Chain Infrastructure

Cross-chain messaging, asset bridges, and intent-based interop systems with elevated systemic risk.

Wallets, RPCs, and Indexers

Consumer wallets, embedded wallets, RPC providers, and indexing services that mediate user interaction with chains.

Validators, Sequencers, and Node Operators

Operators of consensus and ordering infrastructure across L1s, L2s, and app-chains.

Foundations, DAOs & End Users

Treasury custodians, DAO governance bodies, and individual users impacted by phishing or theft.

Operating principles

Five rules we don't bend.

01. Vendor- and chain-neutral

We do not favor a chain, an L2, a wallet, or a security vendor. We coordinate with all of them and accept funding from none of them on incident-specific terms.

02. Coordinated disclosure

We honor embargoes, give maintainers time to patch, and credit researchers. No public advisory ships without the affected party's awareness.

03. Public by default

Once an incident is contained, the post-mortem, IOCs, and advisory are public. The ecosystem only gets safer if everyone learns.

04. No fees during a live incident

If your protocol is being exploited right now, we do not ask for a contract, a retainer, or a check. Pay it forward later, or don't.

05. On-chain evidence first

Our claims are backed by transaction hashes, contract addresses, and storage proofs — not screenshots, not vibes.

Disclosure policy

How we handle vulnerabilities.

T+0: Intake

Researcher submits via secure channel. We acknowledge within 24h with a tracking ID and triage severity.

T+0–90d: Coordinated embargo

We notify the maintainer, broker fixes, and coordinate downstream notifications. Default embargo is 90 days, extended only with researcher consent.

T+disclosure: Publication

Public advisory with severity, affected versions, remediation, and researcher credit. Mirror to CVE/GHSA where applicable.

RFC 2350 profile

Formal team description.

We follow RFC 2350, the IETF format for documenting a CERT's scope, contact, and policies, so partner CERTs and researchers know exactly what to expect. The summary below is authoritative only in its signed form: download the canonical, PGP-signed document and verify it against our key.

1. Document Information
0xCERT Team Description, v1.0
2. Contact Information
cert@0xcert.com
2.1 Emergency Contact
soc@0xcert.com · 24/7 on-call
2.2 Public Keys
PGP 13C6 45BC B97B 1025 6CE7 0CD2 923B 60E3 68E2 374E
3. Charter — Mission
An independent CERT coordinating incident response, threat intelligence, and coordinated disclosure across public blockchains, smart contracts, bridges, and Web3 infrastructure.
3.1 Constituency
Public blockchain protocols, bridges, wallets, RPC providers, validators, foundations, DAOs, and end-users impacted by Web3 security incidents.
3.2 Sponsorship & Affiliation
Independent. Not affiliated with or controlled by any single chain, foundation, exchange, or commercial security vendor.
3.3 Authority
Coordinating authority only. We have no enforcement power; we operate by trust and convened cooperation.
4. Policies
Coordinated disclosure (default 90-day embargo). Public-by-default post-mortems. No fees during live incidents.
5. Services
Incident response · advisories · IOC feeds · phishing/drainer takedowns · stolen-fund tracing · awareness & training
6. Incident Reporting Forms
https://0xcert.com/report — structured intake with severity, chain, addresses, and contact
7. Disclaimers
Information shared is best-effort. 0xCERT does not provide legal, regulatory, or investment advice.