Security Policies

Security of funds and user information is our top priority. Our security team is continually improving our end-to-end security measures, improving auditing processes, and reducing the 'attack surface' of our infrastructure. Please note that we cannot disclose too many details of the security measures implemented on the platform for security and proprietary reasons.

User Account Protection

Some of the security measures highlighted below are in place by default, and others can be activated based on the security level you need. Please visit to check the security status of your account and see recommendations.

Two-factor authentication (2FA)

Add an extra layer of security to your account and protect sensitive operations such as logging in, generating API keys, and withdrawing. Configure two-factor authentication using Authy, Google Authenticator, Twilio, or Clef.

Advanced verification tools to monitor the integrity of your account

  • Login data is saved and analyzed for unusual activity.
  • Intelligent system detects IP Address changes to prevent session hijacking.
  • Email notifications report logins and include a link to instantly freeze your account if you suspect malicious activity.
  • Limit access to your account based on IP address.
  • Limit access from your API keys based on IP address.

Withdrawals protection

  • Security system monitors withdrawals by IP address and other user behavior patterns, triggering manual admin inspection on withdrawals that appear unusual.
  • Withdrawal confirmation step that is immune to malicious browser malware.
  • Define an address whitelist to ensure no withdrawals can go anywhere else.

Advanced API key permissions

Create API keys with advanced read/write permissions on a per-feature basis. Unleash the full power of the platform through our WebSockets APIs.

Cryptocurrency Storage

The overwhelming majority of system funds are stored in offline, cold wallets or online multisign wallet addresses. Only approximately 40% of crypto assets are accessible in geo separated hot & conditionally-hot wallets for day-to-day platform operations. As an added protection, the cold wallets are not available from the platform or the platform servers. The funds in offline cold storage and multisign wallet addresses require manual intervention by several members of our management to access. Special non-exchange intranet system routes funds between geolocations. Special service in each geolocation routes funds between hot, conditionally-hot, cold, multisign wallets.

System Security

  • Always up-to-date Linux systems to host the platform: Our servers network is protected using always up-to-date software and the best possible practices.
  • Database Cluster + Automatic backup of the database once a day: Once a day, the database of the platform is backed up, encrypted and compressed as an archive.
  • Duplication of backup data automatically: As as a new backup is ready (database, log files,...), it is sent to others servers in several geo locations.
  • Protection from DDoS attacks: We are protected by automatic Distributed Denial of Service protection to ensure that trading cannot be halted by outside attacks.
  • Automatic background clearing service works with full data shears (time changes array of balances, trades, depossits, withdrawals) and detects anomalies. Clearing can call panic in geolocation and route all funds to multisign & cold addresses.