These measures were designed to establish an aggressive approach toward significantly limiting the attack surface of our infrastructure by making it prohibitively difficult to compromise.

PLATFORM SECURITY

Cold Wallet

Our cold storage maintains approximately 100% of user funds in an offline, multisignature wallet, requiring 4 of 7 hardware security modules (HSMs) held by globally distributed management team members to approve all transactions. In the event an administrator is compromised and forced to log into the platform, a single HSM would not be sufficient to initiate a transfer of funds. Acquiring enough of these devices to access cold storage is tantamount to impossible.


Hot Wallet

Our hot wallet maintains only the funds necessary to fulfill withdrawals in the queue. The moment we get a withdrawal request, we refill the hot wallet; 4 of 7 HSMs are required to initiate a transfer from the cold wallet to the hot wallet.


DDoS Protection

  • Intelligent load balancing and failover routing among servers to increase performance
  • Real-time malicious traffic detection blocks malicious server requests
  • Automatic inline mitigation measures decrease latency and increase uptime
  • Leading privacy and performance through encrypted connections with HTTPS TLS


Standard Procedure

Routine penetration testing is performed by the Security Team to preserve the integrity of our systems under endless attack scenarios.

  • Always Up-to-Date Systems to Host the Platform
  • Daily Automatic Encrypted Database Backups to Multiple Off-site Locations
  • Encrypted User Password Storage

The security team at Tradexic continues to audit protocol implementation at every level of the platform in order to maintain an inherently hostile environment toward intrusion, and further employs routine external security audits.


INDIVIDUAL USER SECURITY

Tradexic provides a strong portfolio of user-determined security measures, and we encourage all users to follow our Greenlane, which significantly increases personal security, reduces the required number of confirmations for cryptocurrency deposits, and prioritizes withdrawals through automatic processing.

Two-Factor Authentication (2FA)

We implemented the following mechanisms of 2FA:

  • Google Authenticator on Android and iOS devices
  • Physical Security Key using FIDO Universal 2nd Factor (U2F)

Enabling 2FA/OTP places a second level of security between an attacker and withdrawal confirmations, password changes, and logins.

Keep Session Alive

When logged in and inactive, the browser will ping the platform every 10 minutes to keep the session alive. The session will expire after 30 minutes of inactivity and the user’s account will be automatically logged out.


Send Email on Login

Receive an email each time someone logs into your account. The email will contain information about the IP of the authenticated user and a link to freeze your account if you suspect malicious activity.

Login History

Each login to a user’s account is saved and can be personally audited.


Add/Disable Withdrawal Addresses

Set a specific withdrawal address for each currency. Changing or removing the address requires confirmation by email/SMS.


SUSPICIOUS ACTIVITY DETECTION

Suspicious activity detection is both automated by our security infrastructure and manually reviewed by our security team. This process involves the user’s participation by reviewing activities such as password resets, 2FA removal requests, geolocation, and user hardware/software specifics.

Our security team monitors activity patterns and recognizes deviations that could significantly change the status of account balances for a user, such as withdrawal requests for entire accounts, requests to change mobile number, associated email addresses, and withdrawal addresses.

These mechanisms are not intended to dictate account usage; rather, they are designed specifically as measures of due diligence while users engage with the Tradexic platform.