Security
Cyber-security framework
The purpose of the Covestingâs Cyber-security framework is to ensure that there are strict measures and practices in place to protect our software solutions against any eventualities and threats. We are conducting periodical stress tests and security audits to ensure compliance with the strictest security standards.
Digital Asset Security
Cold Storage
Offline wallet system (Cold storage) provides an important security measure against hacking, theft or loss. Asset transfers from the Cold storage require actions of multiple employees. All private keys are stored in safe deposit boxes and vaults distributed geographically.
Hot Wallets
The hot wallet keys are generated, stored and managed in HSM (hardware security modules) serviced by Azure Key Vault. HSMâs hardware has been evaluated according to FIPS publication 140-2 with a rating of Level 2.
Learn more
Platform Protection
- 2FA (provided by Google Auth) provides security to the login/registration processes, as well as executing withdrawals.
- Our website traffic runs through encrypted SSL (https).
- We partner with Cloudfare and other vendors to mitigate potential distributed denial-of-service (âDDoSâ) attacks.
- All passwords are cryptographically hashed (using bcrypt with a cost factor of 12) while all other sensitive data is encrypted.
- All systems used will ensure the right level of access to authorized personnel with up to date monitoring systems. On-going and proactive security assessments are conducted to keep up to date with new threats and potential vulnerabilities.
Internal Controls
Covestingâs staff is educated on cybersecurity awareness and adequately trained to perform their information security-related duties and responsibilities consistent with related policies, procedures and agreements. We are compliant with four eyes principles as required by GFSC. All employees undergo criminal and background checks, and are subject to ongoing checks throughout their employment at Covesting.
