The first cryptocurrency built for Corporate Survivors.
"This policy was reviewed during a meeting that should have been an email. It is, for once, the email."
Filing Ref.: SEC-001
Effective Date: Upon commit to main
Version: 1.0
Status: Active π’
This document defines how security issues, scam reports, and incident response work for the CubertCoin project β covering the GitHub repository, smart contract, official channels, and treasury infrastructure.
If you discover a security vulnerability β in this repository, the smart contract (once deployed), or any official CubertCoin channel (e.g. a compromised Discord bot, a defaced website, a hijacked social account) β please report it responsibly.
Preferred: Open a private security advisory on GitHub. This keeps the report private until it's resolved.
If the link above is unavailable, private vulnerability reporting may not yet be enabled for this repository β in that case, use the alternative method below.
Alternative: Contact the Founder directly via the official channels listed below. Do not disclose unpatched vulnerabilities publicly (Discord, Telegram, X, GitHub Issues) until the Founder has confirmed the report and a fix or mitigation is in place.
- A clear description of the issue
- Steps to reproduce (if applicable)
- Potential impact (funds at risk, contract behavior, etc.)
- Your contact information, if you'd like a response
| Step | Timeline |
|---|---|
| Acknowledgment of report | Best-effort Within 48 hours |
| Initial assessment | Best-effort Within 5 days |
| Resolution or mitigation plan | Communicated as soon as available |
Responsible disclosure helps protect the community. Anyone who reports a valid issue in good faith will be credited (if desired) once the issue is resolved.
This is the most common "security" issue a memecoin project faces β and the one most likely to affect holders directly.
CubertCoin operates a zero-tolerance policy for scams, impersonation, and contract address fraud, as defined in the Governance Charter (Article VI).
The official $CUBE contract address, announcements, and links will only ever be published via:
| Channel | Link |
|---|---|
| π Website | cubertcoin.com |
| π¦ X / Twitter | @cubertcoin |
| π¬ Discord | Corporate Survivors HQ |
| π’ Telegram | Corporate Hotline |
Any contract address, link, or announcement from any other source β including DMs, comments, or accounts impersonating the project β is unauthorized and should be treated as a scam.
π **No one from CubertCoin will ever DM you first, ask for your seed phrase, private key, or wallet approval "to verify your wallet," or ask you to connect your wallet to a site outside cubertcoin.com. Any message claiming otherwise β even from an account that looks like an admin or moderator β is a scam.
- Do not interact with the suspicious link, contract, or account.
- Report it via GitHub Issues or the official Discord/Telegram.
- Include screenshots, links, and contract addresses where possible.
Per the Governance Charter, Article VI:
- Core Contributors flag and document the incident.
- A community warning is issued within 2 hours across all official channels.
- The Founder reviews and issues an official statement within 24 hours.
- The incident is logged in a public registry (to be established at launch).
The security of project funds and the $CUBE token itself relies on verifiable, on-chain mechanisms rather than promises:
| Mechanism | Status | Detail |
|---|---|---|
| Mint Authority | π‘ Active until launch | Will be revoked permanently on-chain at launch |
| Freeze Authority | β Never set | Was not set upon token creation β verified on Solscan |
| Treasury Multisig | β Live | Squads Protocol, 2-of-3 β 7ay63WdfndoouyBqfXK1z5oy1s8CYoywR2ML9Aaf2cCF |
| Team Vesting | β Live | Streamflow, 6-month cliff + 12-month vesting β contract active |
| Liquidity Lock | βͺ Pending launch | Streamflow, 12 months minimum β executed at launch |
Once executed, all of the above will be verifiable on-chain via the On-Chain Verification table in the Tokenomics document β including direct links to Solscan/Solana Explorer for each contract and transaction.
While the project is in its current solo-founder phase:
- The Treasury multisig is self-custodied across separate physical devices, including at least one hardware wallet, to reduce single-device compromise risk.
- No single device or session has unilateral control over treasury funds.
- Liquidity and team token allocations, once locked via Streamflow, are governed by immutable smart contracts β not even the Founder can bypass them before the unlock date. As the project grows, the plan is to evolve toward additional independent signers on the Treasury multisig, per the Governance Charter, Article IV.
| Role | Contact |
|---|---|
| Founder | Via official Discord or Telegram (see Official Channels below) |
| Security Reports (GitHub) | Security Advisories |
| Scam/Fraud Reports | GitHub Issues or official Discord/Telegram |
A dedicated security contact email may be added at launch.
| Platform | Link |
|---|---|
| π Website | Corporate Intranet |
| π¦ X / Twitter | Corporate Broadcast System |
| π¬ Discord | Corporate Survivors HQ |
| π’ Telegram | Corporate Hotline |
| π½ Reddit | Employee Forum |
| πΈ Instagram | Corporate Gallery |
| π» GitHub | Corporate Repository |
| π Paragraph | Corporate Memos |
- β FAQ
- π Brand Book
- π Changelog
- βοΈ Code of Conduct
- π The Cubert Thesis
- π Employee Handbook
- π Glossary
- ποΈ Governance Charter
- π¨ Media Kit
β οΈ Risk Disclosure- πΊοΈ Roadmap
- π Tokenomics
- π€ Contributing Guide
| Version | Date | Summary |
|---|---|---|
| 1.0 | June 2026 | Initial Security Policy |
Proof of Burnout.
Another Meeting. Another Token.
CubertCoin Security Policy Β· v1.0 Β· Filed under: SEC-001