Our Security Architecture
1. Platform and System Security
Our infrastructure is the first line of defense against external threats.
International Security Certification:We are ISO/IEC 27001 certified for Information Security Management. This ensures our security management processes and system architecture align with global best practices.
Threat Monitoring:Our dedicated security team monitors system activity 24/7.
We deploy advanced WAF (Web Application Firewall) and DDoS protection at the frontend to block anomalous traffic in real-time.
We utilize IDS/IPS (Intrusion Detection/Prevention Systems) at the backend to monitor and block malicious attacks.
Full-Site SSL Encryption:All operations and data transmissions on our platform are conducted over an SSL (Secure Socket Layer) encrypted channel, ensuring your data cannot be stolen or tampered with during transit.
Regular Penetration Testing:We proactively engage third-party white-hat hackers and security experts to conduct comprehensive penetration tests on our platform. This allows us to discover and patch potential vulnerabilities before they can be exploited.
Collaboration with the Security Community:We actively run a Bug Bounty Program, inviting global security researchers and white-hat hackers to report potential vulnerabilities. We offer competitive rewards for valid reports, continuously strengthening our platform's defenses with an open and transparent approach.
2. Asset Security
We utilize a hot and cold wallet segregation system to ensure your assets are secure.
High-Percentage Cold Storage:The vast majority of our users' digital assets are stored in offline "cold wallets." These are completely isolated from the internet, minimizing the risk of a breach from online attacks.
Multi-Signature Mechanism:All asset transfers from our cold wallets require a multi-signature and multi-party approval process. This protocol effectively prevents unauthorized transfers and mitigates both external and internal risks.
3. Account Security
We provide you with multiple tools to maintain full control over your account.
Mandatory Two-Factor Authentication (2FA):We require all users to enable 2FA. This provides a second layer of defense using a dynamic password for logins, withdrawals, and other sensitive operations.
Real-Time Login and Withdrawal Alerts:The system will immediately notify you via email of any account login or withdrawal request, allowing you to monitor your account activity at all times.
Withdrawal Whitelisting:You can set up a "whitelist" of trusted withdrawal addresses. When enabled, your account can only withdraw funds to these pre-verified addresses, effectively preventing unauthorized transfers.
Proactive Breach Monitoring:We actively monitor external data breach databases to check if our users' registered information has been compromised in leaks from other websites. If we find that your password may have been exposed elsewhere, we will immediately alert you to change it and, if necessary, apply preventative risk controls to protect your account from "credential stuffing" attacks.