Security Policy - LastParadox™

Our Commitment to Security

At LastParadox, we take the security of our users and our decentralized network seriously. We value the contributions of the security research community and welcome reports of vulnerabilities.

If you believe you have found a security vulnerability in LastParadox (VPN, Daemon, Extension, or Website), we encourage you to let us know right away. We will investigate all legitimate reports and do our best to quickly fix the problem.

Safe Harbor

LastParadox considers security research authorized if you comply with this policy. We will not initiate legal action against you for accidental violations of this policy or for authorized security research.

To remain within the scope of this Safe Harbor, you must:

Only test systems that are in scope.
Make a good faith effort to avoid privacy violations, destruction of data, and interruption of our service.
Do not exploit a vulnerability beyond what is necessary to demonstrate the proof of concept.
Report the vulnerability confidentially and give us reasonable time to fix it before making it public.

In Scope

Applications

LastParadox Desktop App (Windows / Linux / macOS)
LastParadox Daemon (Node.js P2P Core)
LastParadox Vault Extension (Chrome / Brave)

Infrastructure

lastparadox.xyz (This website)
Hypercore P2P Protocol implementation issues
Smart Contracts (Solana / Ethereum) integration

Out of Scope

The following types of testing are potentially harmful and therefore prohibited:

DDoS: Network denial of service attacks.
Social Engineering: Phishing, vishing, or trying to trick our team or users.
Physical Security: Attacks against our physical property or data centers.
Spam: Automated scanning tools that generate excessive traffic.

Rewards & Recognition

As an open-source, community-driven project, we do not currently offer monetary bug bounties.

However, we deeply appreciate your help. If you report a valid, non-trivial vulnerability, we will:

Publicly acknowledge your contribution in our Security Hall of Fame.
Provide a recommendation or reference for your professional portfolio.
Offer free Premium access to LastParadox VPN services.

How to Report

Please send your report via one of the following channels:

Email: security@lastparadox.xyz
Discord: Open a ticket in our Official Discord and ask for the Security Team.
GitHub: For non-critical bugs only — github.com/Lastexitfromnowhere. DO NOT post critical vulnerabilities publicly.

Please include a proof of concept (PoC) or clear steps to reproduce the vulnerability.

Security Hall of Fame

A huge thank you to the following researchers who have helped secure LastParadox:

?

You?

Be the first to secure our network.

VulnerabilityDisclosure Policy