# Priority order:
1. Transfer MUSD first (most liquid)
2. Withdraw from all pools immediately
3. Transfer any other tokens
4. Send any remaining ETH/native tokens

Revoke All Approvals

Go to Revoke.cash and revoke ALL approvals on the compromised wallet.

Next Steps (< 24 hours):

Document Everything
- Screenshot all unauthorized transactions
- Note timestamps and amounts
- Save transaction hashes
- Record wallet addresses involved
Scan for Malware
- Run full antivirus scan
- Check browser extensions
- Review recent downloads
- Consider reformatting device
Report the Incident
- Email support@khipuvault.com with details
- Report to wallet provider (MetaMask, etc.)
- File police report if large amount stolen
- Report scam addresses to block explorers
Security Audit
- Review how wallet was compromised
- Update all passwords
- Enable 2FA everywhere possible
- Review seed phrase storage

Prevention for Future:

✅ Use hardware wallet for large amounts ✅ Keep seed phrase offline and secure ✅ Never share private keys ✅ Verify URLs before connecting wallet ✅ Use dedicated device for crypto

Full wallet security guide

2. Phishing Attack

Symptoms:

You signed a transaction you don't recognize
Clicked a suspicious link
Entered seed phrase on a website
Received urgent "security alert" email

If You Entered Seed Phrase on Phishing Site:

CRITICAL: Act Immediately

Your wallet is compromised. Funds will be stolen within minutes.

Immediate Actions (< 2 minutes):

Transfer ALL funds to a new wallet NOW
Do not delay - attackers work fast
Skip revocations - no time, just move funds

After Funds Are Safe:

Never use the compromised wallet again
Report the phishing site:

If You Signed a Malicious Transaction:

Check what you approved:
- Go to Revoke.cash
- Review recent approvals
- Look for unlimited approvals
Revoke immediately:
- Revoke the malicious approval
- Revoke ALL unlimited approvals
- Monitor for unauthorized transactions
Transfer funds to new wallet if approval was high-value

If You Just Clicked a Link (didn't sign anything):

Don't panic - clicking alone doesn't compromise wallet
Don't enter any information on the site
Close the tab immediately
Scan for malware - run antivirus
Monitor your wallet for next 24 hours

Prevention:

✅ Always verify URLs before connecting ✅ Bookmark official sites ✅ Read transaction details before signing ✅ Never enter seed phrase on any website ✅ Be suspicious of urgent messages

Phishing prevention guide

3. Contract Vulnerability Discovered

What We'll Do:

If a vulnerability is discovered in KhipuVault contracts:

Phase 1: Immediate Response (< 1 hour)

Pause Affected Contracts
- Multi-sig admins pause deposits
- Withdrawals remain enabled
- New interactions are blocked
Alert Community
- Discord announcement
- Twitter alert
- Email to registered users
- Status page update
Assess Impact
- Identify affected pools
- Calculate potential exposure
- Determine affected users

Phase 2: Mitigation (< 24 hours)

Develop Fix
- Emergency patch if possible
- Security review of fix
- Test on testnet
Deploy Solution
- Deploy new contracts if needed
- Provide migration path
- Announce timeline
Communicate Plan
- Detailed incident report
- Step-by-step user instructions
- FAQ for common questions
- Regular status updates

Phase 3: Recovery (< 7 days)

User Migration
- Withdraw from old contracts
- Deposit to new contracts
- Verify all funds accounted for
Post-Mortem
- Publish detailed analysis
- Explain root cause
- Describe lessons learned
- Outline prevention measures

What You Should Do:

✅ Monitor official channels for updates ✅ Follow migration instructions carefully ✅ Don't panic sell - assess calmly ✅ Ask questions if confused ✅ Verify all communications are from official sources

❌ Don't trust random DMs offering "help" ❌ Don't use third-party migration tools ❌ Don't share your private keys with anyone ❌ Don't make hasty decisions

4. Unable to Withdraw

Symptoms:

Withdrawal transaction fails
"Insufficient balance" error but balance shows funds
Transaction pending indefinitely
Contract reverts with error

Troubleshooting Steps:

Check Contract Status

Is the contract paused?

Go to status.khipuvault.com
Check Discord #announcements
Verify on block explorer

Verify Your Balance

Confirm you have funds:

Check pool balance in UI
Verify on block explorer
Ensure no pending withdrawals

Check Network Status

Verify blockchain is operating:

Check Mezo Status
Verify your RPC connection
Try different RPC endpoint

Review Transaction Details

If transaction failed:

Check error message on block explorer
Verify gas settings (not too low)
Ensure wallet has gas for fees
Try increasing gas limit

Common Issues & Solutions:

Issue: Insufficient Gas

Solution: Increase gas limit in MetaMask
- Open MetaMask
- Edit gas settings
- Increase gas limit by 20%
- Retry transaction

Issue: Slippage Too Low

Solution: Not applicable to KhipuVault
(No slippage for deposits/withdrawals)

Issue: Contract Paused

Solution: Wait for unpause announcement
- Withdrawals should still work even when paused
- If not, contact support immediately
- Check status page for updates

Issue: Pending Transaction Stuck

Solution: Speed up or cancel
- In MetaMask, click pending transaction
- Click "Speed Up" or "Cancel"
- Increase gas price
- Submit new transaction

When to Contact Support:

📧 Contact support@khipuvault.com if:

Withdrawal fails repeatedly with no error
Contract says paused but no announcement
Your balance shows 0 but you had deposits
Transaction succeeds but funds don't arrive
You see error messages you don't understand

Include in Your Message:

Wallet address (public)
Transaction hash (if available)
Error message (screenshot)
Steps you already tried
Pool type and amount

5. Website Down or Unreachable

Symptoms:

khipuvault.com won't load
"Site can't be reached" error
Infinite loading
404 or 500 errors

Don't Panic - Your Funds Are Safe:

Your Bitcoin is in smart contracts on the blockchain, NOT on our website. Even if our website is permanently offline, your funds are safe and accessible.

Immediate Steps:

Check if it's just you:
- Try different browser
- Try different device
- Try mobile data (not WiFi)
- Check DownDetector
Check official status:
- Status page: status.khipuvault.com
- Twitter: @KhipuVault
- Discord: discord.gg/khipuvault
Try backup access:
- IPFS gateway: khipuvault.ipfs.io (planned)
- Direct contract interaction (see below)

Direct Contract Interaction:

If the website is down, you can still withdraw directly:

Option 1: Using Etherscan/Block Explorer

1. Go to Mezo Block Explorer: explorer.test.mezo.org
2. Search for your pool contract address:
   - IndividualPool: 0xdfBEd2D3efBD2071fD407bF169b5e5533eA90393
   - CooperativePool: 0x323FcA9b377fe29B8fc95dDbD9Fe54cea1655F88
3. Click "Write Contract"
4. Connect your wallet
5. Find "withdraw" function
6. Enter amount (in wei: amount × 10^18)
7. Click "Write" and confirm transaction

Option 2: Using Foundry Cast

# Install Foundry
curl -L https://foundry.paradigm.xyz | bash
foundryup

# Withdraw from IndividualPool
cast send 0xdfBEd2D3efBD2071fD407bF169b5e5533eA90393 \
  "withdraw(uint256)" 1000000000000000000 \
  --rpc-url https://rpc.test.mezo.org \
  --private-key $PRIVATE_KEY

# Check your balance
cast call 0xdfBEd2D3efBD2071fD407bF169b5e5533eA90393 \
  "balanceOf(address)" $YOUR_ADDRESS \
  --rpc-url https://rpc.test.mezo.org

Option 3: Using ethers.js

const { ethers } = require('ethers');

const provider = new ethers.JsonRpcProvider('https://rpc.test.mezo.org');
const wallet = new ethers.Wallet(PRIVATE_KEY, provider);

const poolABI = ['function withdraw(uint256 amount)'];
const pool = new ethers.Contract(POOL_ADDRESS, poolABI, wallet);

// Withdraw 1000 MUSD
await pool.withdraw(ethers.parseEther('1000'));

6. Suspicious Activity Detected

Symptoms:

Unusual transactions in your account
Unexpected yield amounts
Unknown pools in your dashboard
Balance discrepancies

Investigation Steps:

Verify on Blockchain:
- Go to Mezo Explorer
- Search your wallet address
- Review ALL transactions chronologically
- Compare with your records
Check for Approvals:
- Go to Revoke.cash
- Connect wallet
- Review all token approvals
- Revoke anything suspicious
Review Pool Memberships:
- Log into KhipuVault
- Check all your pools
- Verify deposits match expectations
- Check yield history

If Activity is Unauthorized:

Secure your wallet immediately (see Compromised Wallet)
Document everything with screenshots
Report to support with evidence
File report if significant amount

If Activity Seems Wrong but Authorized:

Contact support for clarification
Check Discord for similar reports
Review yield calculations documentation
Ask questions before taking action

7. Lost Access to Wallet

Scenarios:

Lost Device (but have seed phrase)

✅ You CAN recover:

Get new device
Install wallet software (MetaMask, hardware wallet)
Select "Import using seed phrase"
Enter your 12/24 word seed phrase
Verify funds are restored

Lost Seed Phrase (but have device)

⚠️ Partial recovery possible:

Transfer funds NOW to new wallet
Create new wallet on secure device
Transfer ALL funds from old to new wallet
Never use old wallet again (can't recover if device is lost)

Lost Both Device and Seed Phrase

❌ Cannot recover:

Unfortunately, your funds are permanently lost. No one (including us) can recover them.

Prevention:

✅ Backup seed phrase in multiple secure locations
✅ Use fireproof/waterproof storage
✅ Tell trusted person where backups are (in case of emergency)
✅ Consider metal seed phrase backup

8. Gas Price Spike

Symptoms:

Transaction costs extremely high
Wallet shows $50+ for simple transaction
All transactions timing out

What to Do:

Wait if Not Urgent:
- Gas prices fluctuate
- Check Mezo Gas Tracker
- Wait for network to calm down

Adjust Gas Settings:

In MetaMask:
1. Click transaction
2. Click "Edit" on gas
3. Select "Low" priority
4. Wait longer for confirmation

Time Your Transactions:
- Avoid peak hours (US/EU business hours)
- Early morning (UTC) usually cheaper
- Weekends sometimes quieter

Emergency Withdrawal During High Gas:

If you MUST withdraw during high gas:

Withdraw maximum amount (not multiple small withdrawals)
Use "Fast" gas setting
Batch operations if possible
Accept higher cost as emergency fee

Communication Channels

Official Channels (Trust These)

✅ Website: https://khipuvault.com ✅ Documentation: https://docs.khipuvault.com ✅ Discord: https://discord.gg/khipuvault ✅ Twitter: https://twitter.com/KhipuVault (@KhipuVault) ✅ GitHub: https://github.com/khipuvault ✅ Email: support@khipuvault.com, security@khipuvault.com

Fake/Scam Channels (Don't Trust)

❌ Telegram (we don't have official Telegram) ❌ WhatsApp (we don't use WhatsApp) ❌ Unsolicited DMs on any platform ❌ Email from non-@khipuvault.com domains ❌ Accounts without verification badges

How to Verify:

Check our website for official social links
Look for verification badges (blue checkmark)
Compare follower counts (scam accounts have few followers)
Never trust DMs - we won't DM you first
Cross-reference announcements across multiple platforms

Incident Response Timeline

For Security Vulnerabilities

Phase	Timeline	Actions
Detection	T+0	Vulnerability discovered
Acknowledgment	T+1 hour	Security team notified
Assessment	T+6 hours	Severity determined
Mitigation	T+24 hours	Fix developed and tested
Deployment	T+48 hours	Fix deployed to production
Communication	Ongoing	Regular status updates
Post-Mortem	T+7 days	Detailed report published

For User Support Issues

Issue Type	Response Time	Resolution Time
Critical (funds at risk)	< 1 hour	< 24 hours
High (cannot withdraw)	< 4 hours	< 48 hours
Medium (UI issues)	< 24 hours	< 7 days
Low (questions)	< 48 hours	< 14 days