Security
How We Protect Your Assets
Built from the ground up with security as a first-class priority. Institutional-grade encryption, audit trails, and strict elimination of third-party custody risks.
Enterprise-Grade Architecture
We utilize advanced, decentralized networks for BNB Chain, Ethereum, and Solana. Your wallet operations are processed through private architecture we securely control — fundamentally independent of centralized third-party API services.
Eliminating Third-Party Risk
Your funds are absolutely shielded from external custodians. By managing the underlying architecture directly, we eliminate the counterparty vulnerabilities commonly found in traditional exchange wallets.
Encrypted Authentication
All passwords are hashed using bcrypt with salt rounds. Sessions are managed via JWT tokens with NextAuth.js. We never store plaintext credentials. HTTPS (TLS) is enforced for all connections.
Encrypted Transaction Processing
Customer transaction details are kept in an encrypted form. Temporary processing data is auto-deleted after the process is completed, leaving only the minimum required cryptographic proofs and immutable status hashes.
Rate Limiting
Authentication endpoints, API routes, and transaction operations are protected by token-bucket rate limiting. This prevents brute-force attacks, credential stuffing, and API abuse.
On-Chain Verification
Crypto deposits are credited to your wallet only after the required number of blockchain confirmations (3 for BNB/ETH, 1 for Solana). We verify transactions directly on-chain, not through unverified webhook data.
KYC Identity Verification
Our optional KYC system supports document verification (including Aadhaar, PAN, passport), liveness video checks, and admin review workflows. Identity documents are stored with restricted access.
P2P Escrow Protection
Every P2P trade uses reserved balance accounting. The seller's funds are held in escrow during the trade and can only be released upon confirmation. Expired or disputed trades follow defined resolution workflows.
Idempotent Financial Operations
Critical admin operations (approve/reject transactions) support idempotency keys to prevent double-processing. This ensures that retried requests never cause duplicate balance changes.
Questions about security?
We take security seriously. Reach out if you need more details.