The Elite Operatives.
NYX Chat Security Hall of Fame recognizes elite white-hat hackers and researchers who responsibly disclose vulnerabilities in our zero-knowledge architecture. Our bug bounty program focuses on E2EE bypasses, Signal Protocol integrity, WebAuthn PRF key security, and Argon2id blind indexing hash collisions.
"Security is not a state of rest; it is a continuous operation. We honor the cryptographers and researchers who successfully breach our walls and responsibly report it."
Reporting a Vulnerability
>>> DO NOT OPEN A PUBLIC ISSUE <<<
Under no circumstances should you report critical security vulnerabilities via public GitHub Issues or PRs. Doing so compromises all active NYX deployments.
Please report any suspected vulnerabilities directly to the core command at [email protected]. We will acknowledge receipt within 48 hours and begin drafting a hotfix in a private sandbox.
Target Priorities
🎯 In-Scope Targets
- [*] Double Ratchet / E2EE bypasses.
- [*] WebAuthn PRF key extraction.
- [*] Blind Indexing (Argon2id) hash collisions.
- [*] WebRTC signaling interception.
- [*] IndexedDB local vault extraction.
🚫 Out-of-Scope
- [x] Volumetric attacks (DDoS, Spamming).
- [x] Phishing or Social Engineering.
- [x] UI/UX bugs with no privacy impact.
- [x] Theoretical flaws without a Proof of Concept (PoC).
Acknowledged Researchers
| OPERATIVE / HANDLE | BREACH DATE | VULNERABILITY CLASS | PORTFOLIO |
|---|---|---|---|
| ~ faiqalfaruq | 2026-04-03 | DOM-Based XSS (Pre-load App Execution) | [GITHUB] |