Independent Reserve security

Protecting your wealth.

Young smiling girl holding a mobile phone

How we treat client assets

No commingling of customer funds: we keep client assets completely separate from our own.

1:1 reserves

We maintain a full 1:1 reserve of all client fiat and digital assets.

We hold the vast majority of digital assets in secure offline cold storage protected in underground vaults with maximum security.

Audited and licensed

We are the first crypto exchange to be licensed by MAS.

Our books are balanced and we carry no debt on our balance sheet. We engage external auditors to verify our holdings with annual audits of our financial statements. This includes verification of all fiat and crypto balances held in custody on behalf of clients.

Segregated funds

We do not commingle customer funds. We maintain complete segregation of all client assets to ensure that when you need to make a withdrawal, you can.

We keep your assets safe. That is our promise.

Single purpose asset utilisation

We do not engage in any lending, borrowing or rehypothecation of assets (i.e. pledging assets as collateral for debt).

Trusted by global partners

  • DBS
  • Fireblocks
  • Ripple
  • Refintiv
  • Bloomberg

Platform security features

Account security

  • 2-Factor Authentication on login supports google authenticator, with optional SMS backup.
  • Ability to change username and email address at any time.
  • Username can be freely chosen. We encourage users to not use their email address as username to improve security.
  • Email notifications are sent on each login.
  • Instant account suspension from email link for unauthorised logins.
  • Duress password to suspend an account.
  • Additional security information is requested on login attempts from different IP addresses.
  • Cryptocurrency and instant withdrawals are blocked for 72 hours after changes to account security details.
  • SMS notifications on account security detail changes (like email change or password changes).
  • Cryptocurrency address whitelisting - Withdrawals to new addresses require SMS confirmation.
  • Browser whitelisting - Email confirmation for logins from new browsers.
  • Bot shield – Automatic account protection from brute force attacks.

System security

  • All personally identifiable information is encrypted (in transit and at rest) by physically dispersed keys.
  • Uploaded documents are visibly watermarked (all verification documents and support message attachments).
  • Uploaded documents are encrypted by physically dispersed keys (all verification documents and support message attachments).
  • Uploaded documents (all verification documents and support message attachments) are only accessible by admins with special permission for KYC verification purposes and are watermarked to protect the document.
  • Full encryption of support chat text messages.
  • All sensitive rows in the database are hashed and signed on write and verified on retrieval to ensure data integrity.
  • Secure connections are always enforced when accessing the website or API from any device.
  • Top tier data centres with geographically dispersed disaster recovery backup servers.
  • No off the shelf systems, designed from the ground up to be a secure crypto platform with security as the number one consideration.
  • Intrusion detection monitoring for unauthorised system access.

Hot wallet security

  • Vast majority of cryptocurrency is stored in cold storage, with constant automated monitoring.
  • Hot wallet private keys are multi-layer encrypted using geographically dispersed keys.
  • Continuous monitoring and address reconciliation between system accounts and the blockchain.
  • System explicitly designed to never expose hot wallet private keys, even to administrators.

Cold storage security

  • Vast majority of cryptocurrency is stored in cold storage.
  • Cold storage is held in multiple geographically dispersed vaults, each with extensive physical security.
  • Cold storage requires multiple employees and approvals for physical access.
  • Proprietary offline storage with multiple encryption layers and multiple redundancies.
  • Multi-signature withdrawals always requiring more than one person for execution.
  • Survivorship procedures to recover cold storage funds in case of a catastrophic event.

Operational

  • Regular penetration testing is conducted on the system.
  • Bug bounty in place.
  • Administrators have tiered access to the system.
  • Administrators actions relating to user accounts or value transfer are audited and require multi-level approvals.
  • Regular Police checks conducted on all administrators with system access.

Awards & Recognition

  • Blockchain Australia Digital Exchange of The Year
  • Deloitte Technology Fast 50 2019 Australia Winner
  • Financial Review Lists 2018 100 Fast
  • Financial Review Most Innovative Companies
  • Financial Times High-Growth Companies Asia-Pacific 2020

External penetration testing

  • December 2017
  • February 2018
  • May 2018
  • September 2019
  • February 2021
  • August 2021
  • November 2022
  • November 2023

Bug bounty

Please report any security vulnerabilities to security@independentreserve.com.

Get started today

Register, deposit and trade in 5 minutes.

Create your account