These measures were designed to establish an aggressive approach toward significantly limiting the attack surface of our infrastructure by making it prohibitively difficult to compromise.
Our cold storage maintains approximately 100% of user funds in an offline, multisignature wallet, requiring 4 of 7 hardware security modules (HSMs) held by globally distributed management team members to approve all transactions. In the event an administrator is compromised and forced to log into the platform, a single HSM would not be sufficient to initiate a transfer of funds. The challenge to acquire enough of these devices to access cold storage is tantamount to impossible.
Our hot wallet maintains only the funds necessary to fulfill withdrawals in the queue. The moment we get a withdrawal request, we refill the hot wallet; 4 of 7 HSMs are required to initiate a transfer from the cold wallet to the hot wallet.
- Intelligent load balancing and failover routing among servers to increase performance
- Real-time malicious traffic detection blocks malicious server requests
- Automatic inline mitigation measures decrease latency and increase uptime
- Leading privacy and performance through encrypted connections with HTTPS TLS
Routine penetration testing is performed by our security team to preserve the integrity of our systems under endless attack scenarios.
- Always Up-to-Date Systems to Host the Platform
- Daily Automatic Encrypted Database Backups to Multiple Off-site Locations
- Encrypted User Password Storage
The security team at Tradexic continues to audit protocol implementation at every level of the platform in order to maintain an inherently hostile environment toward intrusion, and further employs routine external security audits.
INDIVIDUAL USER SECURITY
Tradexic provides a strong portfolio of user-determined security measures, and we encourage all users to follow our Greenlane, which significantly increases personal security, reduces the required number of confirmations for cryptocurrency deposits, and prioritizes withdrawals through automatic processing.
Two-Factor Authentication (2FA)
We implemented the following mechanisms of 2FA:
- Google Authenticator on Android and iOS devices
- Physical Security Key using FIDO Universal 2nd Factor (U2F)
Enabling 2FA/OTP places a second level of security between an attacker and withdrawal confirmations, password changes, and logins.
Keep Session Alive
When logged in and inactive, the browser will ping the platform every 10 minutes to keep the session alive. The session will expire after 30 minutes of inactivity and the user’s account will be automatically logged out.
Send Email on Login
Receive an email each time someone logs into your account. The email will contain information about the IP of the authenticated user and a link to freeze your account if you suspect malicious activity.
Each login to a user’s account is saved and can be personally audited.
Add/Disable Withdrawal Addresses
Set a specific withdrawal address for each currency. Changing or removing the address requires confirmation by email/SMS.
SUSPICIOUS ACTIVITY DETECTION
Suspicious activity detection is both automated by our security infrastructure and manually reviewed by our security team. This process involves the user’s participation by reviewing activities such as password resets, 2FA removal requests, geolocation, and user hardware/software specifics.
Our security team monitors activity patterns and recognizes deviations that could significantly change the status of account balances for a user, such as withdrawal requests for entire accounts, requests to change mobile number, associated email addresses, and withdrawal addresses.
These mechanisms are not intended to dictate account usage; rather, they are designed specifically as measures of due diligence while users engage with the Tradexic platform.