Security

We provide ultimate security by:

  1. PGP-based communication
  2. 100% Multisig Cold Wallet

PGP-based communication

All the messages you send to us and all the responses we send to you are PGP signed and encrypted. A signed version of each web page is available under "text-only, signed version" at the bottom of the page.

Because we use public-private key cryptography for encryption and authentication, an attacker who wanted to gain access to your account would have to steal your PGP private key, know the password used to protect it, and know the ID of your account (a random number known only to you). This is nearly impossible if you are aware of how it works (description coming soon) and follow the simple guidelines outlined there. Therefore:

  • No one can steal your credentials by redirecting you to a fake website and requesting your username and password, because there is no username and password to enter on any website.
  • No one can pretend to be you by any kind of cross-site scripting, because the authentication, so to speak, happens locally on your computer.
  • Even if someone stole our database (a very unlikely event), they would not find your password (or its hash) there, because the password is used only locally on your computer and is not sent anywhere.

OpenPGP is a widely recognised security standard and has not been compromised a single time yet (unlike, e.g., OpenSSL). Among its use cases are:

100% Multisig Cold Wallet

The funds you deposit to your account never touch any wallet on a computer connected to the Internet. They go straight to our Multisig Cold Wallet, i.e. a wallet which is:

  1. Multisig - spending any BTC requires n out of m signatures made by private keys kept by different people in different, secure physical locations.
  2. Cold - all m private keys are kept on computers that are offline all the time.

Withdrawals are processed manually, i.e. they are manually signed on the offline computers.

The Wallet is implemented on top of the Bitcoin Core client using watch-only addresses. This way, deposits are processed as soon as they arrive.

The Multisig Cold Wallet guarantees that, in the very unlikely event of all our servers getting hacked, all your funds would still be safe!