Security

Industry-leading security
protects your investments.

Our commitment : protecting your funds and privacy is our number one priority

Protecting your assets and your personal information is what we do. Security is the cornerstone of our culture and we have operated with a security-first mentality from day one. Our team of experts have built in a number of sophisticated measures to prevent the theft of money or information.

Theft isn't the only threat of course. As a professional exchange we offer financial stability, with full reserves, healthy banking relationships and the highest standards of legal compliance.

Security First.

Safe digital asset storage

  • The majority of your cryptocurrency is held in our offline, air-gapped Cold Storage system. Only a small portion of your cryptocurrency is held in our fully-insured, online Hot Wallet.
  • We use hardware security modules (HSMs) that have achieved a FIPS 140-2 Level 3 rating or higher. All HSMs are geographically distributed and stored in monitored, access-controlled facilities.
  • We use a multisignature digital signature scheme (multisig) to eliminate single points of failure and improve our resilience against the loss or compromise of any individual private key.

Systems Protection

  • All of our website data is transmitted over encrypted Transport Layer Security (TLS) connections (i.e., HTTPS) and encrypted at rest at both the system and data level.
  • Internal data access is strictly controlled and monitored and inaccessible over the public Internet.
  • We partner with enterprise vendors to mitigate against distributed denial-of-service (DDoS) attacks.
  • Penetration testing is performed on our own systems to secure your investments via every imaginable attack vector.

Internal Controls

  • Multiple signatories are required to transfer cryptocurrency out of our Cold Storage System.
  • Our offices do not store or contain anything of value, including private keys. All private keys are stored offsite and geographically distributed in monitored, access-controlled facilities.
  • All employees undergo criminal and credit background checks and are subject to ongoing background checks throughout their employment.
  • All remote-access requires public-key authentication via credentials stored on hardware tokens - passwords, one-time passwords (OTPs), or other phishable credentials are not permitted.

Account Security Features

  • 2FA (Google Authenticator and Yubikey) to keep your account secure
  • No Phone/SMS account recovery, your account stays in your hands
  • Email confirmations for withdrawals with self-serve account lock
  • Configurable account timeout for another layer of protection
  • Customizable, granular API key permissions with range boundaries
  • Global settings time lock for extreme security when you're away
  • PGP signed and encrypted email for secure communication
  • SSL encryption to protect you when browsing iMoose 
  • Constant, real-time monitoring for suspicious activity
  • Zero settlement risk, no chargeback fraud when trading crypto
  • Sensitive data is fully encrypted at rest and in transit
  • High priority 24/7 live chat and email support for urgent concerns

Security Resources

interested in learning more about our security practices or how you can protect yourself from bad actors? Check out the resources below