Security of our services and customer funds is very important to us

Things We Do:

Database:
  • Atomic Request based Transactions
  • ACID compliant
  • Prepared Statements

Wallets:
  • Store the majority of customer funds in a cold storage wallet
  • Double check withdrawal submissions for overdrawing
  • All wallets encrypted with unique passwords

Authentication:
  • Passwords are stored as salted hashes
  • Secure session based authentication

Input:
  • Regex to sanitize input strings
  • Limit POST and GET requests to minimize denial-of-service attacks and to prevent cracking of account passwords and other malicious activity
  • Protect against cross-site request forgery using CSRF tokens
  • etc.

Things you should do:

  • Make long and complicated passwords
  • Don't use Microsoft or Android operating systems while managing sensitive financial accounts
  • Enable GPG based 2FA
  • Sign up for I2P-Bote account alerts
  • Move funds to timevault or to a private wallet while not in use.
  • Don't access your account through inproxies like exchanged.i2p.xyz and exchanged.i2p.xyz.us. If you do, the operators of these sites could steal your login credentials and your funds.

We will not contact you:

We will never request your password. Never disclose information about your account to anyone!

Report bugs and security vulnerabilities to the admin.