Gem Fighter - Security

Our Security Principles

Security is a continuous quest. We apply least privilege to services, keep keys out of code, pin dependencies when possible, and monitor for suspicious activity. Smart contract interactions are explicit and require user confirmation in the wallet.

Private keys are never requested, stored, or transmitted by us.
Transactions require explicit confirmation in your wallet UI.
We use HTTPS everywhere and restrict third party scripts to vetted sources.

Protect Your Wallet

Only use wallets from official sources. Bookmark the Gem Fighter domain to avoid lookalikes.
Verify contract addresses before approving. For NFTs and tokens, check our official channels.
Review approvals regularly and revoke anything you do not recognize.
Use hardware wallets for larger holdings. Enable biometric or PIN locks on mobile.

Tip: In your wallet, prefer Sign over Sign and Send unless you intend to broadcast a transaction.

Vulnerability Disclosure and Bug Bounty

If you discover a security issue, report it privately so we can fix it before it is publicly known.

Email

support@hodltoken.net

PGP

Request our PGP key via the security email to exchange encrypted reports.

Scope

App front end, APIs, authentication, smart contract integrations, and game servers.

We may recognize impactful, original reports with swag, credits, or bounties at our discretion.

Responsible Disclosure Policy

Give us reasonable time to remediate before public disclosure.
Avoid privacy violations, data destruction, service degradation, or access to non public data beyond what is necessary to demonstrate the issue.
No social engineering, denial of service, or spam testing.

Security FAQ

Do you ever ask for my seed phrase

Never. No member of Gem Fighter will ever ask for your seed phrase or private key. If anyone does, treat it as malicious.

How do I verify official contract addresses

We publish addresses on official pages and socials. Always cross check multiple official sources before interacting.

What data does the site collect

We collect only what is necessary for site functionality, analytics, and fraud prevention. See the Privacy and Cookies pages for details.

Report an Incident

If your account or wallet may be compromised, cut connection immediately, rotate keys if possible, and contact us with:

Timeframe and nature of the incident
Wallet addresses involved
Steps to reproduce or suspicious links
Any relevant logs or screenshots