Yes, your account is secure.
The security of our user's funds is our top priority. We have built a secure and trustworthy platform employing the latest security technology in the blockchain and financial industry. Here are some of the main features:
SSL. Our platforms use 256-bit SSL for all communications between server and web browser, which eliminates the possibility of a "man in the middle" attack. SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.
Confirmation through email address. Your account is linked to your mailbox. Therefore, if a hacker manages to access your account, they will only be able to perform a limited number of actions, none of which includes sending your funds outside of your account. We strongly recommend you have different passwords for your account and your linked mailbox.
Enhanced security / Two-Factor Authentication (2FA). 2FA is an extra layer of security that requires not only a password and username but also something that only that user and no one else has on them, i.e. a piece of information only they should know or have immediately at hand - such as a physical token. Read our Help Centre article about 2-factor authentication for more details. To make your account more secure, we recommend that you enable 2FA for both your account and your linked email account.
Multi-signature technology. All accounts in our system are protected by BitGo's multi-signature technology. This technology makes it impossible to transfer funds without the transaction being signed by all parties involved. Every user has their own 2-3 multi-sig bitcoin account with a unique set of private keys (every key is encrypted with a strong password and backup key is stored completely offline); we work closely with BitGo, the world leader in blockchain security, to ensure that funds are kept securely and our account infrastructure is audited on regular basis. Read more about multi-sig security here.
Microservice architecture. Our employs microservice architecture, where every service has its own set of access rights and is responsible for one operation. Every account operation is restricted by IP and can only be done by the microservice. The microservice architecture eliminates the single point of failure and makes it almost impossible for an attacker to get full control of a user's account.
Policies. Our sophisticated account policies and analysis tools can easily detect unusual behavior e.g. withdrawal of big amounts, many account operations happening during a short time frame, etc…
No access to your card details. Our platforms do not keep any payment card numbers, expiry dates, or CVV codes. Instead, our Platforms operate with card proxies, which means that all data is kept securely and none of our employees have access to it.
Support awareness. We take your security very seriously, so we perform thorough verification when we receive requests to disable two-factor authentication, change of email address, or any changes to the account. Account-related requests can only be addressed by our Support Team if initiated from your linked email address.