Security

We provide ultimate security by:

  1. PGP-based communication
  2. 100% Multisig Cold Wallet

PGP-based communication

All the messages you send to us and all the responses we send to you are PGP signed and encrypted.

Because we use public-private key cryptography for both encryption and authentication, an attacker would need three things to gain access to your account: your PGP private key (we call it the session key, because it is used to end-to-end encrypt your trading session between your browser and our servers), the password that protects it, and the ID of your account (a random number known only to you). Obtaining all three is nearly impossible. The password you enter to decrypt your session key never leaves your browser (it is never transmitted over the Internet), and decryption happens locally in your browser.

OpenPGP is a widely recognised security standard and has not been compromised a single time yet (unlike, e.g., OpenSSL). Among its use cases are:

100% Multisig Cold Wallet

The funds you deposit to your account never touch any wallet where they would be spendable solely with private keys stored on a computer connected to the Internet. They go straight to our Multisig Cold Wallet, i.e. a wallet which is:

  1. Multisig - spending any BTC requires 3 out of 5 signatures, each approved by a different person within our company (no external parties), and each of those people has access to only one private key.
  2. Cold - the keys are stored on secure offline devices.

Withdrawals require manual confirmation, i.e. signing has to be manually confirmed on the offline devices, which is an additional security measure.

The Wallet is implemented on top of the Bitcoin Core client using watch-only addresses. This way, deposits are processed as soon as they arrive.
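
A check a reviewer could run on the redeem script behind a watch-only deposit address to confirm the 3-of-5 policy described above. This is an added example, not the exchange's own code: it assumes the wallet uses a standard `OP_CHECKMULTISIG` redeem script (the page does not say which script form is used), and the function names and sample keys are constructed for illustration.

```python
OP_1, OP_16, OP_CHECKMULTISIG = 0x51, 0x60, 0xAE

def small_int(opcode):
    """Decode OP_1..OP_16 to 1..16; anything else is not a valid m or n."""
    if not OP_1 <= opcode <= OP_16:
        raise ValueError(f"expected OP_1..OP_16, got 0x{opcode:02x}")
    return opcode - OP_1 + 1

def parse_multisig(script: bytes):
    """Return (m, [pubkeys]) for 'OP_m <pk>... OP_n OP_CHECKMULTISIG'."""
    if len(script) < 3 or script[-1] != OP_CHECKMULTISIG:
        raise ValueError("script does not end in OP_CHECKMULTISIG")
    m, n = small_int(script[0]), small_int(script[-2])
    body, pos, keys = script[1:-2], 0, []
    while pos < len(body):
        length = body[pos]
        key = body[pos + 1 : pos + 1 + length]
        # Accept only direct pushes of 33 (compressed) or 65 (uncompressed) bytes.
        if length not in (33, 65) or len(key) != length:
            raise ValueError("malformed public key push")
        if (length == 33 and key[0] not in (2, 3)) or (length == 65 and key[0] != 4):
            raise ValueError("bad public key prefix")
        keys.append(key)
        pos += 1 + length
    if len(keys) != n or not 1 <= m <= n:
        raise ValueError("key count does not match n, or m > n")
    return m, keys

def meets_policy(script: bytes, m=3, n=5) -> bool:
    """True only for a well-formed m-of-n script with n distinct keys."""
    try:
        got_m, keys = parse_multisig(script)
    except ValueError:
        return False
    # Repeated keys would let one key holder supply several signatures.
    return got_m == m and len(keys) == n and len(set(keys)) == n

def build(m, keys):
    """Assemble a redeem script from constructed keys (demo helper only)."""
    pushes = b"".join(bytes([len(k)]) + k for k in keys)
    return bytes([OP_1 + m - 1]) + pushes + bytes([OP_1 + len(keys) - 1, OP_CHECKMULTISIG])

# Constructed placeholder keys: valid prefix and length, not real curve points.
KEYS = [bytes([2 + i % 2]) + bytes([i + 1]) * 32 for i in range(5)]

if __name__ == "__main__":
    print("3-of-5, distinct keys:", meets_policy(build(3, KEYS)))
    print("3-of-5, one key repeated:", meets_policy(build(3, [KEYS[0]] * 5)))
    print("2-of-5:", meets_policy(build(2, KEYS)))
```

The distinct-key test matters because a script that repeats one key five times still parses as 3-of-5 while giving a single key holder full spending power.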