Skip to main content
Important Update Banner


Security Notice: GenLayer Portal Data Incident

Last updated:
25 June 2026

We want to make GenLayer Portal users aware of a data security incident and the steps we have taken in response.

What happened

On 30 May 2026, we identified that a part of the GenLayer Portal had allowed an unauthorized party to access certain user information. We deployed a fix the same day we identified the issue.

The only non-public information involved was users' email addresses. Other profile information that the incident touched, including wallet addresses and usernames, was already publicly visible on each user's Portal profile and could be viewed by anyone without logging in. The incident allowed those already-public details to be linked to a user's email address.

No passwords, private keys, or seed phrases were stored on the Portal or accessed in this incident.

What this could mean for you

Because email addresses could be connected to existing public profile information, some of this data was used to send phishing emails impersonating GenLayer, typically claiming you have a reward, XP, or tokens to claim and directing you to a fraudulent website. These particular messages were not from us. The main risk to users is phishing, impersonation, and similar attempts to trick you into giving up access to your wallet. We have no confirmed reports of any user funds being lost.

What we have done
  • 30 May 2026: Identified the issue and deployed a fix the same day, applying additional access controls to the affected part of the Portal
  • 30 May 2026: Posted warnings across our official Discord and Telegram channels
  • 30 May 2026: Reported the fraudulent website and phishing emails for takedown
  • Early June 2026: Notified the relevant authorities and began notifying affected users by email where we hold an address
  • Ongoing: Preserved relevant records and conducted an internal review of the incident
How to protect yourself
  • Be cautious with any message claiming you have a reward, XP, or tokens to claim, especially if it asks you to act urgently
  • Never enter your seed phrase, and never connect your wallet to a site you reached from an email or message you did not expect
  • We will only communicate through our official channels: our official website, our verified email address, our official Discord, and our official Telegram. You can find the current list of official channels on our website
  • When in doubt, do not click. Go directly to our official website, or ask in our official Discord or Telegram, before taking any action
  • No legitimate GenLayer message or website will ever ask you for your seed phrase or private keys
Questions

If you have any questions or want to report a suspicious message, contact us at contact@genlayer.foundation.