Nexchange takes a comprehensive approach to security. Our security experts have built in a number of sophisticated measures to prevent the theft of money or information. Theft isn't the only threat of course. It's also essential that a professional exchange offer financial stability, with full reserves, healthy banking relationships and the highest standards of legal compliance.
Described below are just some of our security practices. The list is not complete — you can be assured that our security measures go well beyond what we're willing to make public.
- All new deposits go directly to cold wallets, with complete air-gap isolation from any online system.
- The vast majority of coins are stored in cold wallets, with complete air-gap isolation from any online system.
- A limited number of coins are stored in semi-cold wallets, on protected machines with locked drives.
- Only the coins that are needed to maintain operational liquidity are stored in hot (online) wallets.
- All wallets are encrypted.
User Account Security
- Two-factor authentication is available for account login and funding, trading, and actions that can be performed using API keys.
- A separate two-factor authentication channel (Master Key) can be enabled for highly secure account recovery.
- Protection against leakage of user information: login or password recovery attempts will not reveal any account information, including the existence of an account.
- PGP/GPG for email encryption and email signature/verification.
- Isolated, highly secure system for uploading account verification documents.
- All sensitive account information, including verification documents, is encrypted and access to multiple highly secure systems is required to decrypt it.
- Global settings lock that can be enabled to prevent tampering with user account information, including withdrawal addresses, by an attacker who has gained access to the account.
- Nexchange's servers reside in locked racks, in a locked private cage, inside a top-tier professional data center: this means armed guards, video surveillance, retina scans, the works.
- Data is encrypted wherever possible, and systems are both redundant and isolated from one another.
- Data is replicated in real time and backed up on a daily basis.
- We currently use Cloudflare, among other measures, for protection from Distributed Denial of Service attacks.
- Our office is wired with separate networks for separate purposes. The system our agents use to access your uploaded account verification documents cannot be used for anything else. Support tickets are on a completely separate system, and so on.
- Our staff has been thoroughly reviewed, and multiple sign-offs are required for anything remotely sensitive.
- We maintain full reserves — a bank run is an impossibility.
- Customer funds reside in a bank account separate from our operations account, and fees are transferred on a daily basis.
- Customer funds cannot be borrowed to fund operations, nor can they be lent, even for margin trading on our own platform.
- We have solid relations with our bank, and an agreement is in place allowing us to wind down our account in an orderly fashion, should our relationship ever come to an end.
- We are pursuing multiple banking partnerships to build in some financial redundancy — so that even should the above situation come to pass, our daily operations will not be interrupted.
- Bitcoin's legal status is still being defined, but Nexchange takes a highly proactive and informed approach to ensuring legal compliance.
- Our approach is to operate conservatively, entirely within the bounds of current law, and to constantly monitor regulatory developments so that we can anticipate changes before they occur.
- Our compliance measures are designed by a five-member team of legal advisors, including a full-time General Counsel who is responsible for constantly evaluating our legal stance in the face of regulatory developments.