Customer Asset Protection
We use the following security tools and measures:
2FA (provided by Google Auth) to ensure account security and prevent any unauthorized access to user’s account.
Mandatory Bitcoin address whitelisting
Cold storage of digital assets with Multisignature technology
Hardware security modules with rating of FIPS PUB 140-2 Level 3 or higher
Full risk check after every order placement and execution
Encrypted SSL (https) to encrypt and secure our website’s traffic.
All passwords are cryptographically hashed (using bcrypt with a cost factor of 12) while all other sensitive data is encrypted.
Cloudfare to mitigate potential distributed denial-of-service (“DDoS”) attacks.
Regular tests and check-ups by our technical team.
On-going and IT security assessments are executed to keep up to date with new potential vulnerabilities.
Our data is hosted on Amazon Web Services (“AWS”). AWS has a proven track record for physical security and internal controls.
Get started in 30 seconds
The majority of customer digital assets (Bitcoin) are held in our offline storage system (“Cold Storage”). Only a small portion of digital assets are held in our online wallet (“Hot Wallet”).
We use Multi-signature access (“Multisig”) to provide both security against attacks and tolerance for losing access to a key or facility, eliminating single points of failure. All fund transfers from Cold Storage to Hot Wallets are handled manually and require the coordinated actions of multiple employees.
A dual factor authentication (also known as 2FA or two-step verification) is a security process that requires the user to provide two different authentication factors to verify themselves. It gives a higher level of assurance than single-factor authentication (SFA) methods, that require to only provide one factor (usually a password).
It’s one of the best ways to secure your account and the setup process is very easy so we strongly recommend you to enable 2FA for your account immediately after you complete the registration process. Our 2FA system uses a TOTP solution which means it requires a Google Authenticator app. It’s more secure and reliable than using SMS as 2FA solution.
Follow these steps to enable 2FA:
Download the Google Authenticator app for either iOS or Android
Go to System Preferences menu
Click ‘Enable GA’ button in Google Authenticator section
Backup you secret key and confirm it by clicking on the box next to ‘I backed up a 16-digit code’
Confirm the setup by entering PIN code generated by 2FA
Withdrawal address whitelisting
Follow these easy steps to whitelist your wallet address:
Go to Account section and choose Withdraw menu
Click “Destination address” dropdown menu. Next, click ‘Add new address’
In the pop up window fill up the label and the Bitcoin address you are willing to use for withdrawals. Press ‘Add’ to continue.
Now you need to go to your email inbox. You will receive an email with confirmation link. Click on it to whitelist the address. Please note that the link is only active for an hour.
The BTC address you confirmed will be added to the Whitelist and withdrawal of funds will be possible only to that specific address.