Security of assets and user data stored on the website is our first priority.
To increase security, the service constantly adds new levels of protection, improves audit processes and reduces the “attack surface” in its infrastructure. Within the frame of the intellectual property security and protection, we cannot disclose all the information about the protective measures used on our platform.
User account protection
Not all of the security measures described below are activated in the default mode, but you can activate them by yourself in the / security section, depending on the required level of security. There you can check the security status of your account and see recommendations for its protection.
Two-factor authentication (2FA)
This level of security is used to secure the most important operations conducted in your account, such as authorization, creating API keys and withdrawal of funds. You can control two-factor authentication using Google Authenticator, Twilio, or U2F security key.
Advanced verification tools for control of account integrity
All authorization data is stored and verified for suspicious activity.
The intelligent system tracks IP address changes to avoid hacking during a working session.
Notifications with authorization reports and a link to a quick account freeze in case of suspicious activity are received at the specified e-mail inbox.
The security system automatically tracks withdrawal operations using IP address and other patterns of user actions, and initiates a manual check of administrator in case it detects suspicious withdrawals.
Confirmation procedure of funds withdrawal is resistant to malicious modules in the browser.
Adding addresses to the white list of addresses will prevent the withdrawal of funds to third-party resources.
Majority of digital assets in the system are stored in stand-alone “cold” wallets. Only about 0.5% of the cryptoactives are in “hot” wallets for use in everyday operations. To ensure a high level of security, you cannot get an access to the “cold” wallets from the platform itself and its servers. The right to manual access to the funds in the autonomous “cold” wallets is only granted to a few chief administrators.
To host the platform, we use the latest Linux systems.
We use the best computer security practices and protect our servers with the latest software.
The database is automatically backed up once a day.
Once a day, a backup copy of the trading platform database is created, after that it is encrypted and archived.
Automatic duplicate of backup data
The created backup copy (database, log files, etc.) is immediately sent to several remote from each other physical servers.
We use automatic protection against service denial kinds of distributed attacks, so that external attacks cannot affect the course of trading.