Security at CSfi

CSfi uses wallet signatures for identity and session creation. CSfi will not ask for seed phrases, private keys, or unrestricted wallet permissions.

Users should verify URLs, wallet prompts, and transaction details before signing.

CSfi will never ask for your seed phrase, private key, Steam password, two-factor recovery code, or blanket permission to move assets outside an explicit custody or settlement workflow.

If a message, site, social account, or support contact asks for those secrets, stop and report it through the security contact path below.

Steam linking is used to verify inventory and support settlement workflows. Custody actions are separated from read-oriented account linking.

Custody and settlement flows should be reviewed alongside Privacy, Risks, Terms, and Contact details.

Steam linking is intended to identify the connected Steam account, map eligible inventory, and support custody or settlement workflows when a user explicitly starts them.

Read-oriented linking is not the same as depositing a skin. Deposits, locks, settlement, and withdrawals are separate actions with their own prompts and lifecycle states.

Security reports can be sent to security@csfi.exchange with reproduction steps, affected route or workflow, and any relevant transaction or request identifiers.