Security Policies
Security
of funds and user information is our top priority. Our security team is
continually improving our end-to-end security measures, improving
auditing processes, and reducing the 'attack surface' of our
infrastructure. Please note that we cannot disclose too many details of
the security measures implemented on the platform for security and
proprietary reasons.
User Account Protection
Some
of the security measures highlighted below are in place by default, and
others can be activated based on the security level you need. Please
visit your account profile to activate your security and check the
security status of your account and see recommendations.
Two-factor authentication (2FA)
Add
an extra layer of security to your account and protect sensitive
operations such as logging in, generating API keys, and withdrawing.
Configure two-factor authentication using Google Authenticator, Twilio, or a U2F Security Key.
Universal 2nd Factor (U2F)
Use a physical Security Key to take advantage of the ultra-secure FIDO Universal 2nd Factor (U2F) open authentication standard.
Advanced verification tools to monitor the integrity of your account
- Login data is saved and analyzed for unusual activity.
- Intelligent system detects IP Address changes to prevent session hijacking.
- Email notifications report logins and include a link to instantly freeze your account if you suspect malicious activity.
- Limit access to your account based on IP address.
Withdrawals protection
- Security system monitors withdrawals by IP address and other user behavior patterns, triggering manual admin inspection on withdrawals that appear unusual.
- Withdrawal confirmation step that is immune to malicious browser malware.
- Define an address whitelist to ensure no withdrawals can go anywhere else.
Cryptocurrency Storage
The
overwhelming majority of system funds are stored in offline, cold
wallets. Only approximately 0.5% of crypto assets are accessible in hot
wallets for day-to-day platform operations. As an added protection, the
cold wallets are not available from the platform or the platform
servers. The funds in offline cold storage require manual intervention
by several members of our management to access.
System Security
Always up-to-date Linux systems to host the platform
Our servers network is protected using always up-to-date software and the best possible practices.
Automatic backup of the database once a day
Once a day, the database of the platform is backed up, encrypted and compressed as an archive.
Duplication of backup data automatically
As soon as a new backup is ready (database, log files,...), it is sent to others servers in several physical locations.
Protection from DDoS attacks
We
are protected by automatic Distributed Denial of Service protection to
ensure that trading cannot be halted by outside attacks.