DIGITAL ASSET SECURITY
The majority of customer digital assets (Bitcoin, Ethereum…) are held in our offline vaulted storage system (“Cold Storage”). Only a small portion of digital assets are held in our online wallet (“Hot Wallet”).
Our Hot Wallet environment is hosted on Amazon Web Services (“AWS”). AWS has a proven track record for tight physical security and strict internal controls. More information can be found here.
Administrative access to BitPyro production environment requires multi-factor authentication.
Hot Wallet key management is rooted in hardware security modules (“HSMs”). We use the hosted Cloud HSM service provided by AWS, which offers dedicated HSMs within the AWS cloud
All HSMs are stored in guarded, monitored and access-controlled facilities that are geographically distributed.
All fund transfers require the coordinated actions of multiple employees.
We are a full-fledged reserve digital asset exchange. Customers only trade from pre-funded accounts.
All customer fiat funds are held in a specific account at an insured premium bank located in Singapore and Hong Kong.
FIAT funds are segregated and legally distinct from our business and operating accounts.
Two-Factor Authentication (“2FA”) is required for every user account and for actions other than session login, such as withdrawals.
Strong passwords are required for every user account.
All passwords are cryptographically hashed using modern and proven standards.
All website data is transmitted over encrypted Transport Layer Security (“TLS”) connections (i.e., HTTPS).
We partner with leading vendors to mitigate potential distributed denial-of-service (“DDoS”) attacks.
BITPYRO INTERNAL CONTROLS
Multiple signatories are required to transfer funds out of Cold Storage.
The key executives from our company are unable to individually or jointly transfer funds out of Cold Storage.
All our employees undergo criminal and credit background checks, and are subject to ongoing background checks.