Independent Reserve Security

We take security seriously, it is at the forefront of everything we do. There is no product puffery here.

Platform Security Features

Account Security

  • 2-Factor Authentication on login supports google authenticator, with optional SMS backup.
  • Ability to change username and email address at any time.
  • Username can be freely chosen. We encourage users to not use their email address as username to improve security.
  • Email notifications are sent on each login.
  • Instant account suspension from email link for unauthorised logins.
  • Duress password to suspend an account.
  • Additional security information is requested on login attempts from different IP addresses.
  • Cryptocurrency and instant withdrawals are blocked for 72 hours after changes to account security details.
  • SMS notifications on account security detail changes (like email change or password changes).
  • Cryptocurrency address whitelisting - Withdrawals to new addresses require email confirmation.
  • Browser whitelisting - Email confirmation for logins from new browsers.
  • Bot shield – Automatic account protection from brute force attacks.
  • Optionally PGP signed emails to verify email validity.

System Security

  • All personally identifiable information is encrypted (in transit and at rest) by physically dispersed keys.
  • Uploaded documents are visibly watermarked (all verification documents and support message attachments).
  • Uploaded documents are encrypted by physically dispersed keys (all verification documents and support message attachments).
  • Uploaded documents (all verification documents and support message attachments) are only accessible by admins with special permission for KYC verification purposes and are watermarked to protect the document.
  • Full encryption of support chat text messages.
  • All sensitive rows in the database are hashed and signed on write and verified on retrieval to ensure data integrity.
  • Secure connections are always enforced when accessing the website or API from any device.
  • Top tier data centres with geographically dispersed disaster recovery backup servers.
  • No off the shelf systems, designed from the ground up to be a secure crypto platform with security as the number one consideration.
  • Intrusion detection monitoring for unauthorised system access.

Hot Wallet Security

  • 97%+ of cryptocurrency is stored in cold storage, with constant automated monitoring.
  • Hot wallet private keys are multi-layer encrypted using geographically dispersed keys.
  • Continuous monitoring and address reconciliation between system accounts and the blockchain.
  • System explicitly designed to never expose hot wallet private keys, even to administrators.

Cold Storage Security

  • 97%+ of cryptocurrency is stored in cold storage.
  • Cold storage is held in multiple geographically dispersed vaults, each with extensive physical security.
  • Cold storage requires multiple employees and approvals for physical access.
  • Proprietary offline storage with multiple encryption layers and multiple redundancies.
  • Multi-signature withdrawals always requiring more than one person for execution.
  • Survivorship procedures to recover cold storage funds in case of a catastrophic event.

Operational

  • Regular penetration testing is conducted on the system.
  • Bug bounty in place.
  • Administrators have tiered access to the system.
  • Administrators action relating to user accounts is audited and requires multi-level approvals.
  • Administrators action relating to user accounts or value transfer requires multi-level approvals.
  • Regular Police checks conducted on all administrators with system access.

External Penetration Testing

  • December 2017
  • February 2018
  • May 2018
  • September 2019
  • February 2021
  • August 2021

Security Incidents

Year Incidents
2014 None
2015 None
2016 None
2017 None
2018 None
2019 None
2020 None
2021 None

Bug Bounty

Please report any security vulnerabilities to security@independentreserve.com

Protecting your account

Please see our blog article on measures you can take to protect your account: https://blog.independentreserve.com/knowledge-base/protect-your-account