Exchange security is our Number 1 Priority. We reduce customer risk by using effective security, checks and balances, and oversight.
Offline Funds Storage
We store the majority of our customer's funds in a secure offline wallet, with only a portion available in a 'hot' wallet for instant withdrawals. This method vastly improves security at a minor expense of large withdrawals requiring manual processing. More information on how much and where we store offline funds can be found on our system status page.
DDoS Protection & CDN Caching
We utilize a leading DDoS provider for all public facing content and cache all static content on a CDN to provide the fastest possible load times.
Logical & Physical Security
All website components are logically separated and protected by physical firewalls for increased security. Employees are required to connect to a controlled secure VPN before gaining access to any internal systems.
All interaction with the website is required to be HTTPS so all communication is encrypted via SSL.
Customers can set up two-factor authentication for accounts with Google Authenticator to provide an extra layer of security. We HIGHLY recommend this.
We use an industry recognised PCI (credit card provisioning compliance) scanning service to routinely scan the website to aid in locating any potential security issues.
We use industry standard methods for preventing SQL Injection & XSS attacks on our website. In additional, all passwords & sensitive data are encrypted along with a static & random salt. Encryption keys and salts are NOT stored in the database or in the codebase.
We have automated systems in place to check for inconsistencies in transactions and our wallets. The system will automatically shutdown a service if something appears incorrect, and immediately inform a technician. The system status page will always have the most up to date information on any service outages or suspensions.