Responsible Disclosure Policy
Responsible Disclosure Policy
We take the security of our systems seriously. If you've discovered a vulnerability, we want to hear from you, and we commit to working with you in good faith.
We take the security of our systems seriously. If you've discovered a vulnerability, we want to hear from you, and we commit to working with you in good faith.
How to Report
Please send an email to security@firefish.io with:
A brief description of the vulnerability.
Clear, step-by-step instructions to reproduce it.
The potential impact of the find.
Rules & Safe Harbor
Do No Harm: Avoid privacy violations, data destruction, or service interruptions.
Confidentiality: Please give us a reasonable window to fix the issue before public disclosure.
Our Promise: If you act in good faith, we will not pursue legal action and will work with you to resolve the issue quickly.
Reward
While we do not have a formal bug bounty program at this time, we may offer financial rewards on a case-by-case basis for critical, high-impact findings.
Quick answers
Do you accept collateral other than Bitcoin?
How much Bitcoin do I need?
Who holds my Bitcoin?
How does the escrow work, and is it safe?
When can my collateral be liquidated?
Can I avoid liquidation?
Where is Firefish available?
What happens if Firefish becomes unavailable?
Quick answers
Do you accept collateral other than Bitcoin?
How much Bitcoin do I need?
Who holds my Bitcoin?
How does the escrow work, and is it safe?
When can my collateral be liquidated?
Can I avoid liquidation?
Where is Firefish available?
What happens if Firefish becomes unavailable?
Firefish Europe s.r.o. (ID: 55912974) is authorised as a crypto-asset service provider (CASP) under Regulation (EU) 2023/1114 (MiCA) to provide crypto-asset services referred to in Article 3(1) (16)(a), (c), (d) and (j). This authorisation covers crypto-asset services provided within the Firefish platform offering —operation of the bitcoin collateral escrow environment, liquidation exchange of collateral, and related on-chain transfers. Any other services available through the Firefish platform or Firefish activities connected to the platform operation fall outside the scope of MiCA and are not covered by this authorisation.
©2026 Firefish. All rights reserved.
Firefish
Firefish Europe s.r.o. (ID: 55912974) is authorised as a crypto-asset service provider (CASP) under Regulation (EU) 2023/1114 (MiCA) to provide crypto-asset services referred to in Article 3(1) (16)(a), (c), (d) and (j). This authorisation covers crypto-asset services provided within the Firefish platform offering —operation of the bitcoin collateral escrow environment, liquidation exchange of collateral, and related on-chain transfers. Any other services available through the Firefish platform or Firefish activities connected to the platform operation fall outside the scope of MiCA and are not covered by this authorisation.
©2026 Firefish. All rights reserved.
Firefish
Firefish Europe s.r.o. (ID: 55912974) is authorised as a crypto-asset service provider (CASP) under Regulation (EU) 2023/1114 (MiCA) to provide crypto-asset services referred to in Article 3(1) (16)(a), (c), (d) and (j). This authorisation covers crypto-asset services provided within the Firefish platform offering —operation of the bitcoin collateral escrow environment, liquidation exchange of collateral, and related on-chain transfers. Any other services available through the Firefish platform or Firefish activities connected to the platform operation fall outside the scope of MiCA and are not covered by this authorisation.
©2026 Firefish. All rights reserved.
Firefish
Firefish Europe s.r.o. (ID: 55912974) is authorised as a crypto-asset service provider (CASP) under Regulation (EU) 2023/1114 (MiCA) to provide crypto-asset services referred to in Article 3(1) (16)(a), (c), (d) and (j). This authorisation covers crypto-asset services provided within the Firefish platform offering —operation of the bitcoin collateral escrow environment, liquidation exchange of collateral, and related on-chain transfers. Any other services available through the Firefish platform or Firefish activities connected to the platform operation fall outside the scope of MiCA and are not covered by this authorisation.
©2026 Firefish. All rights reserved.
Firefish