How is system security ensured?
In the world of cryptocurrencies, security plays a major role, and we have implemented highly advanced measures to protect user data, transactions, and platform funds.
Security tests are continuously conducted to enhance software security. These measures include liquidity and wallet security, multi-layered authentication, encryption, regular security audits, cold storage of assets, and many other actions to ensure the safety of user data and funds. As an extra layer of precaution, we employ cold storage methods to store assets offline, significantly reducing the risk of hacking attempts.
Some companies claim that their sites are unhackable.
It is important to note that no website or system can claim to be completely unhackable. Even major entities such as banks, government institutions, security agencies, and well-known cryptocurrency exchanges like Binance have experienced security breaches in the past. Acknowledging this reality, we focus on implementing strict security measures to reduce the risks associated with potential hacking attempts.
Rather than making baseless claims of invulnerability, we believe it is more professional to address the question of how we prevent hacking on our system and how we protect user data and assets in the event of a breach. Our comprehensive security measures are designed to detect, prevent, and mitigate potential security incidents, ensuring the safety and protection of our users’ valuable assets and sensitive information.
First Question
What security measures have we currently taken to make hacking the system difficult?
- Obtaining the most important international certification, ISO/IEC 27001: Information Security Management System.
- Implementing international standards such as those of the Open Web Application Security Project (OWASP).
- Unique infrastructure for authentication entry tokens and registration.
- Regular system security and penetration testing.
- Multi-layer architecture for the database and vault.
- IP link and OTP authentication for different parts of the system.
Second Question
What happens to the site's information and assets in case of a hack or security breach?
- All assets and critical system information are fully hashed and encrypted. Therefore, in the event of a hack, due to the hacker's lack of access to the keys, decryption is not possible, and the data remains secure.
- We have several backup systems, including Replica set, Mirror, and Section Time.
- A new 5-layer architecture for the vaults: The vault architecture in our system is highly unique and innovative, covering all the client's security objectives. Despite the dynamic nature of vault operations, it keeps all master vault assets in a vault that is only accessible to the client. Therefore, in the event of a hack, the primary assets and information are not within the site, and no breach occurs.
On crypto exchange websites, some data, such as identity verification or KYC, is sent by users in the form of media files. This can pose a significant security risk, as many types of malware and malicious code can enter the site's main server through these files and gain access to the primary data.
This method is one of the most common types of security breaches on crypto exchange websites. We address this issue through object storage, a type of storage space that stores user files on separate servers. They have no operating system, so malware cannot gain direct access to the system in this way.
This creates an additional layer of protection that mitigates the risk of malware-infected files infiltrating the primary server and ensures that user data remains secure and guarded against unauthorized access.
By providing a set of security features and modules, a fundamental and bulletproof architecture, the latest authorization methods, system restrictions, various levels of access, and many other security solutions, we have aimed to minimize security risks so that users can have a better experience and greater peace of mind.
- Authentication and Authorization with Modern Time Token mechanism
- Elastic Error Handling system
- Monitoring systems with the ability to create a monitoring system for technical personnel and administrators
- Multi-Layer Database architecture and Database Storage section for graphic files and user uploads (separate from the main system for security purposes)
- Encryption of sensitive information, including assets and user data
- Ability to maintain 99% of the system's liquidity in Cold Storage (offline)
- Consideration of security standards and protocols in system design and full testing by the client and the client's team before the project launch
- Transaction chain rollback feature: the ability to check the transaction chain and roll it back automatically in case of computational errors and transaction process issues
- Anti-double spending feature in the system
- Transaction Queue system
- Complete protection against invalid transactions
- Authorization of sensitive system processes (such as withdrawal, login, change in the whitelist withdrawal list, changes in user information, and important admin features) through multi-factor authentication