Security

PrimeXBT is committed to provide the highest level of security to its platform users

Customer asset protection

Extensive cyber-security framework is implemented in order to ensure that strict measures and practices are in place to protect customer assets against any eventualities and threats. We are conducting periodical stress tests and security audits to ensure compliance with the strictest security standards.

We use the following security tools and measures:

  • 2FA (provided by Google Auth) to ensure account security and prevent any unauthorised access to user’s account.
  • Mandatory Bitcoin address whitelisting feature
  • Cold storage of digital assets with Multisignature technology
  • Hardware security modules with rating of FIPS PUB 140-2 Level 3 or higher
  • Full risk check after every order placement and execution
  • Encrypted SSL (https) to encrypt and secure our website’s traffic.
  • All passwords are cryptographically hashed (using bcrypt with a cost factor of 12) while all other sensitive data is encrypted.
  • Cloudfare to mitigate potential distributed denial-of-service (“DDoS”) attacks.
  • Regular tests and check-ups by our technical team.
  • On-going and IT security assessments are executed to keep up to date with new potential vulnerabilities.

Our environment is hosted on Amazon Web Services (“AWS”). AWS has a proven track record for physical security and internal controls.

Trading infrastructure

PrimeXBT trading engine has been designed to meet the highest online-trading industry standards. All systems have been uniquely coded to minimize latency and increase order execution speed. System automatically monitors all risks associated with buying power, buying power factor, maximum order size, maximum position size, P/L loss thresholds, odd lot allowance, and executes full risk check after every order placement. PrimeXBT prides itself on having one of the most advanced and reliable trading software on the market.

Get Started

Wallet Security

The majority of customer digital assets (Bitcoin) are held in our offline storage system (“Cold Storage”). Only a small portion of digital assets are held in our online wallet (“Hot Wallet”).

We use Multi-signature access (“Multisig”) to provide both security against attacks and tolerance for losing access to a key or facility, eliminating single points of failure. All fund transfers from Cold Storage to Hot Wallets are handled manually and require the coordinated actions of multiple employees.

2Fa

A dual factor authentication (also known as 2FA or two-step verification) is a security process that requires the user to provide two different authentication factors to verify themselves. It gives a higher level of assurance than single-factor authentication (SFA) methods, that require to only provide one factor (usually a password).

It’s one of the best ways to secure your account and the setup process is very easy so we strongly recommend you to enable 2FA for your account immediately after you complete the registration process. Our 2FA system uses a TOTP solution which means it requires a Google Authenticator app. It’s more secure and reliable than using SMS as 2FA solution.

Follow these steps to enable 2FA:

Next time you will be asked to provide a code from Google Authenticator to access your account or withdraw funds.

Please note that in order to disable your 2FA you will have to contact our support at [email protected] This procedure may take up to 5 business days.

Withdrawal address whitelisting

We offer Customers additional account level protections such as crypto Address Whitelisting. This feature adds an additional layer of protection by allowing customers to whitelist specific withdrawal addresses.

By doing so, withdrawals will be restricted to addresses only included in the whitelist. In the unlikely event that your PrimeXBT account is compromised, an unauthorized user will not be able to withdraw digital assets to a different address.

Follow these easy steps to whitelist your wallet address:

For all questions, security issues or product related inquiries please contact us at [email protected]