Security and Abuse Reporting

Coin Stacker uses layered controls for account authentication, session handling, administrative access, event logging, fraud prevention, and operational monitoring. Controls may include HTTPS, scoped OAuth, password hashing, session validation, IP and device signals, rate limits, audit logs, and administrator access restrictions.

Security work is ongoing. No internet service can eliminate all risk, but Coin Stacker designs public account, dashboard, support, and administrative surfaces with least-privilege access and abuse visibility in mind.

Report suspected phishing, account abuse, vulnerabilities, suspicious domains, unsafe redirects, exposed secrets, or platform security issues to support@coin-stacker.com. Include the affected URL, what happened, approximate time, browser or device, and reproduction steps when relevant.

Do not include passwords, seed phrases, private keys, bank credentials, full payment credentials, or exchange withdrawal credentials in a report. If a report involves another person, share only the minimum information needed for investigation.

The official production domain is coin-stacker.com. If a page claims to represent Coin Stacker on a different domain, requests secrets, changes payment instructions unexpectedly, or pressures you to bypass security checks, treat it as suspicious.

Coin Stacker will not ask for your Google password, exchange password, exchange withdrawal keys, wallet seed phrase, private key, banking password, or remote-control access to your device.

Use strong, unique passwords and keep your email account secure. If OAuth is used, review the provider screen carefully and make sure the destination is coin-stacker.com.

When using exchange API credentials, prefer trading-only permissions, apply IP restrictions where supported, and avoid withdrawal permissions for automation workflows unless a feature explicitly requires them and you understand the risk.

Coin Stacker reviews security and abuse reports according to severity, exploitability, affected users, and platform risk. We may ask for additional information, apply mitigation, block abusive activity, rotate affected credentials, or coordinate with infrastructure providers where appropriate.

This page does not create a bug-bounty program, reward promise, service-level commitment, or permission to test systems outside your own account. Do not disrupt service, access data that is not yours, or perform destructive testing.