Cinoslots
Security

What is the Cinoslots PGP key and when should I use it?

Use it to encrypt sensitive emails to [email protected] (bug reports, KYC documents). Available at /pgp-key.txt.

Updated May 14, 2026 · 1,843 views · 96% helpful

When to use PGP

You don't need PGP for normal support — live chat and standard email work fine for everyday questions. PGP is for cases where the content of the email itself is sensitive:

  • Security vulnerability reports to [email protected]
  • KYC documents sent outside our portal (rarely required)
  • Source-of-funds documentation if you'd rather not transmit it in cleartext
  • Anything that contains your seed phrase (this should NEVER need to be shared, but if it must, encrypt)

Our key

Get the public key at:

https://cinoslots.com/pgp-key.txt

Key fingerprint:

8F4A 9C3D B2E6 7F1A C0D5 4B8E 9A2F 6C7D 3E1B 5A9F

Always verify the fingerprint via a second channel (Telegram @cinoslots/pinned-message, Twitter @cinoslots, our security.txt) before trusting it.

How to encrypt an email

Web-based (easiest)

  1. Go to https://www.example-pgp-tool.com (any reputable web PGP tool)
  2. Paste our public key
  3. Compose your message
  4. Encrypt — copy the resulting block
  5. Paste into your email body and send

Native client

  • Mailvelope (Chrome / Firefox extension) — integrates with Gmail/Outlook web
  • Thunderbird with built-in PGP — desktop, Linux/Mac/Win
  • GPG Keychain (macOS) + Apple Mail
  • Kleopatra (Windows) + Outlook
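
For readers who use GnuPG on the command line, the fingerprint check and the encryption step described above can be combined as follows. This is an added example, not Cinoslots' own tooling: the function names and the sample listing are hypothetical, and it assumes GnuPG 2.2 or later with the key already saved locally as a file.

```sh
#!/bin/sh
# Added example (not Cinoslots' own tooling). Function names are hypothetical.
# Assumes GnuPG 2.2+ and that the key file was already downloaded.

# Fingerprint as published on this page; confirm it via a second channel first.
EXPECTED_FPR="8F4A 9C3D B2E6 7F1A C0D5 4B8E 9A2F 6C7D 3E1B 5A9F"

# Constructed sample of `gpg --show-keys --with-colons` output (not a real key).
SAMPLE_LISTING='pub:-:255:22:9A2F6C7D3E1B5A9F:1767225600:::-:::scESC:
fpr:::::::::8F4A9C3DB2E67F1AC0D54B8E9A2F6C7D3E1B5A9F:
uid:-::::1767225600::::Constructed Key <security@example.invalid>:
sub:-:255:18:CCDDEEFF00112233:1767225600::::::e:
fpr:::::::::00112233445566778899AABBCCDDEEFF00112233:'

# Strip whitespace and uppercase, so "8f4a 9c3d ..." and "8F4A9C3D..." compare equal.
normalize_fpr() { printf '%s' "$1" | tr -d '[:space:]' | tr 'a-f' 'A-F'; }

# Print the primary-key fingerprint: field 10 of the first fpr record after pub.
primary_fpr() { printf '%s\n' "$1" | awk -F: '$1=="pub"{p=1;next} p&&$1=="fpr"{print $10;exit}'; }

# Number of primary keys in the listing; a key file should carry exactly one.
pub_count() { printf '%s\n' "$1" | awk -F: '$1=="pub"{n++} END{print n+0}'; }

# True only if the listing holds one key whose full fingerprint equals $2.
key_matches() (
  got=$(primary_fpr "$1")
  [ "$(pub_count "$1")" -eq 1 ] && [ -n "$got" ] &&
    [ "$(normalize_fpr "$got")" = "$(normalize_fpr "$2")" ]
)

# Verify the key file, import it, then encrypt $2 to that exact fingerprint.
encrypt_report() (  # $1 = key file, $2 = plaintext file
  listing=$(gpg --show-keys --with-colons "$1") || exit 2
  if ! key_matches "$listing" "$EXPECTED_FPR"; then
    echo "fingerprint mismatch: not importing, not encrypting" >&2
    exit 1
  fi
  gpg --import "$1" || exit 2
  # --trust-model always is acceptable here only because the full fingerprint
  # was checked above and the recipient is pinned to it.
  gpg --trust-model always --armor --encrypt \
      --recipient "$(normalize_fpr "$EXPECTED_FPR")" --output "$2.asc" "$2"
)
```

Source the file and run `encrypt_report pgp-key.txt report.txt`; the armored result is written to `report.txt.asc`. The comparison uses the full 40-character fingerprint, never a short key ID.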

Our key rotation

We rotate the PGP key annually (every January 1) and publish the new key, signed by the old key, on the rotation date. Always check security.txt for the current key reference if a key looks expired.

Bug bounty

If you find a security issue, encrypt the report with PGP and send it to [email protected]. Bounty range:

| Severity | Payout |
|----------|--------|
| Critical (RCE, auth bypass, fund theft) | $10,000 – $50,000 |
| High (IDOR, stored XSS, privilege escalation) | $2,500 – $10,000 |
| Medium (reflected XSS, CSRF) | $500 – $2,500 |
| Low (minor info disclosure) | $100 – $500 |

We respond to encrypted reports within 24 hours and provide a triage timeline within 72 hours.

What we don't accept

  • Reports based purely on automated scanner output without proof-of-concept
  • Issues already publicly disclosed in the last 90 days
  • DDoS, social engineering against staff, or physical attacks
  • Issues in third-party game providers' code (forward those to the provider)
