Security and reliability are the most important requirements for the design of our IT systems and operations. Among other elements, layered security principles and multi-factor authentication are applied throughout Quedex systems, and the whole platform is subject to regular security audits and penetration tests by independent experts in the field. A robust, battle-tested software development and DevOps process provides an uptime guarantee and reliability for the end customer. We have a complete set of security policies and procedures in order to ensure that security standards are applied throughout our operations.
As an element of layered security, all the messages you send to us and all the responses we send to you are PGP signed and encrypted.
The fact that we use public-private key cryptography for encryption and authentication means that, to gain access to your account, an attacker would have to steal your PGP private key (we call it the session key, because it's used to end-to-end encrypt your trading session between your browser and our servers) and know the password used to protect it. The password you enter to decrypt your session key never leaves your browser (it's never transmitted to the Internet) and the decryption happens locally in your browser, which decreases the possible attack surface.
The funds you deposit to your account never touch any wallet where they would be spendable solely with private keys stored on a computer connected to the Internet. They go straight to our Multisig Cold Wallet, i.e. a wallet which is:
Withdrawals require manual confirmation, i.e. signing has to be manually confirmed on the offline devices, which is an additional security measure.