Your Assets,
Secured

Industry-leading qualified custodian - Cactus Custody™

Siempre offline

Always Offline

  • Private keys generated and stored in HSM
  • FIPS 140-2 Level 3+ HSM
  • Private key plaintext not visible to staff
Despliegue globa

Global Deployment

  • Multi-signature mechanism among data centers
  • Data centers distributed across three continents in politically stable countries
Altos estándares

High Standards

  • Deployed in bank vault-level secure data centers
  • Strictly follow ISO27001 and S-SDLC
  • Heterogeneous design of data center devices

Key Security
Measures

Mandatory Two-Factor authentication

  • All accounts require two-factor verification when logging in
  • Ukey / SMS Verification Code / Google Authenticator also required
  • All key operations require second verification

High-level encryption measures

  • Website traffic runs entirely over https
  • High-level encryption algorithms used to store sensitive information

Fine-grained authentication mechanism

  • A fine-grained permission design, strict access authentication measures for each interface, and strict isolation between different roles and users
  • Transfer whitelist mechanism
A woman is using a Macbook

Multi-dimensional
Security Assurance

Governance

  • 'Security first' is part of our company's culture, embedded in all aspects of our activities, including surveys of personnel during recruitment, training content for new employees, and customized security requirements for different positions
  • All company employees are required to abide by the security red-line and have established a corresponding reward and punishment system

Technology

  • Adopt and deploy a large number of industry-leading security products and tools
  • Developed detailed security design, secure coding, security testing, and security operation and maintenance specifications
  • There are more than 100 rules in place to drive for security best practices

Progress

  • The S-SDLC security development process is fully implemented to ensure security is integrated into the product development process, and ensure security is the basic quality attribute of products
  • Refer to IPDRR architecture, monitor the security status of products and services in real time and respond in a timely manner
  • Conduct regular penetration testing activities
Security page design

Working Together to Ensure
Cyber Security of Matrixport

If you find vulnerabilities in our products, or are targeted by a phishing attack using a fake version of our website, please notify Matrixport Security Response Center immediately.
You can send an email to [email protected]. Thank you for contributing to helping secure our users' assets!

Acknowledgements

John Semos

kindly provided security advice to Matrixport

Faisal Mehmood

reported a Clickjacking issue

Lemon

provided abundant materials for Matrixport employees' security education activities

Abhishek Karle

provided advice on session management and DMARC RECORD configuration

Hassy

Security Certification Recommendations for GA 2FA

Talha Saeed Bin Zafar Iqbal

TLS 1.0 is not turned off

indra juliana

JS file exposes information, API interface leaks information

thinking

ALB configuration error

Karl Smith

GA binding interface call problem

Areeb

DNS is not enabled for CAA protection

Danyal Zafar

Test environment service exposure

Aman

Blog config file error

Indra Juliana

reported an insecure configuration issue of Spring

atestpk

reported a Dom-based XSS vulnerability

Pratik

Log4j2 configuration issue with old service

atestpk

Looking forward to more feedbacks...

Subscribe to our newsletter

Stay ahead with the latest updates from Matrixport

Successfully subscribed, thank you!
Start your crypto journey today and invest like never before!

A man is looking at an iphone with a Macbook