Security of our services and customer funds is very important to us
Things We Do:
Atomic Request based Transactions
Store the majority of customer funds in a cold storage wallet
Double check withdrawal submissions for overdrawing
All wallets encrypted with unique passwords
Passwords are stored as salted hashes
Secure session based authentication
Regex to sanitize input strings
Limit post and get requests to minimize Denial of Service attacks and prevent cracking account passwords and other malacious activity.
Protect against Cross-site request forgery using csfr tokens
Things you should do:
Make long and complicated passwords
Dont use Microsoft or Android operating systems while managing sensitive financial accounts
Enable GPG based 2FA
Sign up for I2Pbote account alerts
Move funds to timevault or to a private wallet while not in use.
Don't access your account through inproxies like exchanged.i2p.xyz and exchanged.i2p.xyz.us . If you do, the operators of these sites could steal your login credentials and you funds.
We will not contact you:
We will never request your password. Never disclose information about your account to anyone!
Report bugs and security vulnerabilities to the admin.