Your Assets,
Secured
Industry-leading qualified custodian - Cactus Custody™
Always Offline
- Private keys generated and stored in HSM
- FIPS 140-2 Level 3+ HSM
- Private key plaintext not visible to staff
Global Deployment
- Multi-signature mechanism among data centers
- Data centers distributed across three continents in politically stable countries
High Standards
- Deployed in bank vault-level secure data centers
- Strictly follow ISO27001 and S-SDLC
- Heterogeneous design of data center devices
Key Security
Measures
Mandatory Two-Factor authentication
- All accounts require two-factor verification when logging in
- Ukey / SMS Verification Code / Google Authenticator also required
- All key operations require second verification
High-level encryption measures
- Website traffic runs entirely over https
- High-level encryption algorithms used to store sensitive information
Fine-grained authentication mechanism
- A fine-grained permission design, strict access authentication measures for each interface, and strict isolation between different roles and users
- Transfer whitelist mechanism
Multi-dimensional
Security Assurance
Governance
- 'Security first' is part of our company's culture, embedded in all aspects of our activities, including surveys of personnel during recruitment, training content for new employees, and customized security requirements for different positions
- All company employees are required to abide by the security red-line and have established a corresponding reward and punishment system
Technology
- Adopt and deploy a large number of industry-leading security products and tools
- Developed detailed security design, secure coding, security testing, and security operation and maintenance specifications
- There are more than 100 rules in place to drive for security best practices
Progress
- The S-SDLC security development process is fully implemented to ensure security is integrated into the product development process, and ensure security is the basic quality attribute of products
- Refer to IPDRR architecture, monitor the security status of products and services in real time and respond in a timely manner
- Conduct regular penetration testing activities
Working Together to Ensure
Cyber Security of Matrixport
If you find vulnerabilities in our products, or are targeted by a phishing attack using a fake version of our website, please notify Matrixport Security Response Center immediately.
You can send an email to [email protected]. Thank you for contributing to helping secure our users' assets!
Acknowledgements
John Semos
kindly provided security advice to Matrixport
Faisal Mehmood
reported a Clickjacking issue
Lemon
provided abundant materials for Matrixport employees' security education activities
Abhishek Karle
provided advice on session management and DMARC RECORD configuration
Hassy
Security Certification Recommendations for GA 2FA
Talha Saeed Bin Zafar Iqbal
TLS 1.0 is not turned off
indra juliana
JS file exposes information, API interface leaks information
thinking
ALB configuration error
Karl Smith
GA binding interface call problem
Areeb
DNS is not enabled for CAA protection
Danyal Zafar
Test environment service exposure
Aman
Blog config file error
Indra Juliana
reported an insecure configuration issue of Spring
atestpk
reported a Dom-based XSS vulnerability
Pratik
Log4j2 configuration issue with old service
atestpk
Looking forward to more feedbacks...
