Security
Enhanced Security Protocols for Platform Users
Injection Attack Mitigation: We employ parameterized queries, which keep user input out of the SQL text even when queries are generated dynamically, preventing SQL injection attacks. This technique separates SQL code from data input, significantly reducing the attack surface available to malicious actors.
Robust Data Encryption: Utilizing Advanced Encryption Standard (AES) with a 256-bit key length, we ensure the highest level of encryption available. This method is globally recognized for securing sensitive data and is used by governments and security experts worldwide to protect classified information.
Mandatory Two-Factor Authentication (2FA): We enforce two-factor authentication for all users, offering options for Time-based One-time Password (TOTP) algorithm or Universal 2nd Factor (U2F) security keys. This additional layer of security requires users to provide two distinct forms of identification before gaining access, substantially minimizing the risk of unauthorized account access.
DNS-Level DDoS Protection: Our infrastructure is safeguarded against Distributed Denial of Service (DDoS) attacks through DNS-level filtering. This approach identifies and mitigates attack traffic at the DNS layer, preventing overload on our network resources and ensuring uninterrupted service availability.
Comprehensive Data Request Filtering: To counteract Cross-Site Scripting (XSS), Secure Sockets Layer (SSL) manipulation, Cross-Site Request Forgery (CSRF), Clickjacking, and Session Impersonation attacks, we implement rigorous filtering and validation processes. These processes are applied to all user data requests on both the front-end and back-end, employing content security policies, same-origin policy enforcement, and anti-CSRF tokens to ensure a secure data exchange environment.
Unlisted Security Measures: In addition to the measures listed above, we have implemented a range of advanced security protocols and technologies that are not publicly disclosed to maintain the integrity of our security posture.
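The separation of SQL code from data input described under Injection Attack Mitigation can be seen in the following added example, which is not the platform's own code. It assumes a hypothetical `orders` table in an in-memory SQLite database, and all rows and inputs are constructed for illustration.

```python
import sqlite3

# Constructed inputs: one carries SQL syntax, one is an ordinary surname.
CRAFTED = "nobody' OR '1'='1"
APOSTROPHE = "O'Brien"


def make_db():
    """Build an in-memory table of constructed sample rows (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (owner TEXT, symbol TEXT)")
    db.executemany(
        "INSERT INTO orders VALUES (?, ?)",
        [("alice", "BTC-USD"), ("bob", "ETH-USD"),
         ("carol", "BTC-USD"), (APOSTROPHE, "ETH-USD")],
    )
    return db


def orders_concatenated(db, owner):
    """Anti-pattern: input is spliced into the SQL text and parsed as SQL."""
    sql = "SELECT owner, symbol FROM orders WHERE owner = '" + owner + "'"
    return db.execute(sql).fetchall()


def orders_parameterized(db, owner):
    """Parameterized: the statement text is fixed; input is bound as a value."""
    sql = "SELECT owner, symbol FROM orders WHERE owner = ?"
    return db.execute(sql, (owner,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # The quote in the input rewrites the WHERE clause: every row comes back.
    print("concatenated :", orders_concatenated(db, CRAFTED))
    # Bound as data, the same input is just an owner name that matches nothing.
    print("parameterized:", orders_parameterized(db, CRAFTED))
    # A legitimate apostrophe breaks the concatenated query outright...
    try:
        orders_concatenated(db, APOSTROPHE)
    except sqlite3.OperationalError as exc:
        print("concatenated :", "syntax error ->", exc)
    # ...while the parameterized query finds the row.
    print("parameterized:", orders_parameterized(db, APOSTROPHE))
```

The concatenated form fails in both directions: it leaks rows for crafted input and errors on legitimate input, while the bound form handles both correctly.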
Important Advisory for API Key Generation:
Restricted API Key Permissions: Users are strongly advised to create API keys that are configured with trading permissions exclusively. This precautionary measure ensures that, even in the event of key compromise, the ability to withdraw funds from the exchange remains securely blocked. This practice is crucial for safeguarding users' assets against unauthorized withdrawals, aligning with our commitment to providing a secure trading environment.