Security Incidents

What to do when something is wrong — account compromise, suspicious activity, phishing, or a security issue you want to report.

---

I think my account was compromised. Act in this order, fastest first:

1. Change your password (or rotate OAuth credentials at the provider).
2. Unbind all OAuth providers from Settings → Profile → Linked Accounts and re-bind only the one you trust.
3. Disconnect connected brokerage from /account/connections to stop further trade authorization.
4. Disconnect bound wallets if any are at risk and you control the private key elsewhere.
5. Pause / stop all Auto Trade and Agentic Trading strategies under Settings → AI Trade.
6. Contact support@alphio.ai with the timestamp of suspected compromise, the IP / device if known, and any suspicious actions observed (trades, withdrawals, settings changes).

The security team can freeze the account pending investigation, which prevents further actions while you regain control.

Suspicious activity on my wallet. For on-chain wallets you control, the chain itself is the source of truth — check a block explorer for the wallet's tx history:

• If you see unauthorized transactions, the private key may be compromised. Move remaining funds to a fresh wallet (newly generated, never exposed) immediately.
• For Privy wallets — if you exported the key and it was leaked, the wallet is compromised. Generate a new wallet and migrate funds.
• For MetaMask / WalletConnect / external — the wallet's seed phrase / private key lives in the wallet app, not Alphio. If suspected leaked, migrate to a new wallet immediately.

Revoke token approvals on the affected wallet using a tool like revoke.cash to stop further pulls via existing approvals. Report the incident via support with the wallet address and the suspicious tx hashes.

Lost my Telegram bot connection — security implications? Losing the Telegram bot binding stops notification delivery to that Telegram account; it does not by itself grant new access to anyone else:

• The Telegram binding is a one-way notification channel and a limited command surface — it does not own your funds.
• If you suspect the Telegram account itself was compromised (not just the bot binding), treat it as a broader compromise: secure the Telegram account, then re-bind to a clean Telegram account.
• If the bot disconnected for an unknown reason, just re-bind from /get-started/connect-telegram — most disconnections are routine (token rotation, account changes).

Reporting a security issue. For platform-level security issues (not just account compromise), email support@alphio.ai with:

• A clear description of the issue.
• Reproduction steps if applicable.
• Impact assessment as you see it (what could an attacker do?).
• Your account so the team can attribute and follow up.

warning

A formal bug bounty program with structured rewards is not currently published. Responsible disclosure is still appreciated and the team responds to credible reports — payouts are discretionary today. If you find a vulnerability, please disclose it privately to support before any public mention.

Phishing email pretending to be Alphio. Phishing is increasingly common. Some heuristics that help spot a fake:

• Sender domain — legitimate Alphio email comes from @alphio.ai. Lookalike domains (alph10.ai, alphio-support.com, etc.) are phishing.
• Urgency / threats — "your account will be deleted in 24 hours unless you click here" is a classic phishing pattern. Alphio doesn't send those.
• Asks for password / seed phrase — Alphio never asks for your password or wallet seed phrase by email. Any email requesting them is phishing.
• Asks for unsolicited transfers — Alphio never asks you to send funds to an address for "verification" or "unlocking".

If you receive a suspicious email, forward it to support@alphio.ai for confirmation. Do not click links in suspicious emails — type alphio.ai into the browser instead.