Independent Reserve Security
We take security seriously, it is at the forefront of everything we do.
As leaders in the industry, we are committed to providing the most trusted and secure platform for investors to buy, trade and store cryptocurrencies. Independent Reserve is a responsible cryptocurrency exchange with a risk-averse approach to the way we manage our business.
We maintain complete segregation of our customer assets at all times to ensure that if you need your crypto, we’ve got it. We keep your funds safe. That is our promise.
How we treat client assets
- We do not ever lend, trade or reinvest your assets.
- We maintain 1:1 reserves of all client assets and keep the vast majority of these in offline cold storage vaults.
- We maintain segregation of our customers’ holdings.
- Our books are balanced, and there is no debt on our balance sheet.
- We engage external auditors to undertake an annual audit of our financial statements in accordance with Australian Accounting Standards. The audit includes verification of all client asset holdings. Both fiat and crypto.
Platform Security Features
- 2-Factor Authentication on login supports google authenticator, with optional SMS backup.
- Ability to change username and email address at any time.
- Username can be freely chosen. We encourage users to not use their email address as username to improve security.
- Email notifications are sent on each login.
- Instant account suspension from email link for unauthorised logins.
- Duress password to suspend an account.
- Additional security information is requested on login attempts from different IP addresses.
- Cryptocurrency and instant withdrawals are blocked for 72 hours after changes to account security details.
- SMS notifications on account security detail changes (like email change or password changes).
- Cryptocurrency address whitelisting - Withdrawals to new addresses require SMS confirmation.
- Browser whitelisting - Email confirmation for logins from new browsers.
- Bot shield – Automatic account protection from brute force attacks.
- Optionally PGP signed emails to verify email validity.
- All personally identifiable information is encrypted (in transit and at rest) by physically dispersed keys.
- Uploaded documents are visibly watermarked (all verification documents and support message attachments).
- Uploaded documents are encrypted by physically dispersed keys (all verification documents and support message attachments).
- Uploaded documents (all verification documents and support message attachments) are only accessible by admins with special permission for KYC verification purposes and are watermarked to protect the document.
- Full encryption of support chat text messages.
- All sensitive rows in the database are hashed and signed on write and verified on retrieval to ensure data integrity.
- Secure connections are always enforced when accessing the website or API from any device.
- Top tier data centres with geographically dispersed disaster recovery backup servers.
- No off the shelf systems, designed from the ground up to be a secure crypto platform with security as the number one consideration.
- Intrusion detection monitoring for unauthorised system access.
Hot Wallet Security
- 97%+ of cryptocurrency is stored in cold storage, with constant automated monitoring.
- Hot wallet private keys are multi-layer encrypted using geographically dispersed keys.
- Continuous monitoring and address reconciliation between system accounts and the blockchain.
- System explicitly designed to never expose hot wallet private keys, even to administrators.
Cold Storage Security
- 97%+ of cryptocurrency is stored in cold storage.
- Cold storage is held in multiple geographically dispersed vaults, each with extensive physical security.
- Cold storage requires multiple employees and approvals for physical access.
- Proprietary offline storage with multiple encryption layers and multiple redundancies.
- Multi-signature withdrawals always requiring more than one person for execution.
- Survivorship procedures to recover cold storage funds in case of a catastrophic event.
- Regular penetration testing is conducted on the system.
- Bug bounty in place.
- Administrators have tiered access to the system.
- Administrators actions relating to user accounts or value transfer are audited and require multi-level approvals.
- Regular Police checks conducted on all administrators with system access.
External Penetration Testing
- December 2017
- February 2018
- May 2018
- September 2019
- February 2021
- August 2021
- November 2022
Please report any security vulnerabilities to firstname.lastname@example.org
Protecting your account
Please see our blog article on measures you can take to protect your account: https://www.independentreserve.com/blog/knowledge-base/protect-your-account