Matrixport
Security First
Matrixport's end-to-end security design, globally distributed infrastructure, and business-focused security innovation ensure user asset security and reliability
Your Assets, Our Protection
Cactus Custody™ — Independently Developed, Industry-Leading Custody Solution
Secure Key Management
Cold and hot storage private keys generated and stored in HSMs
FIPS 140-2 Level 3 or higher HSMs
Private key plaintext never visible to anyone
Distributed Infrastructure
Multi-signature scheme distributed across three continents
Located in multiple politically stable countries
Institutional‑Grade Operational Security
Deployed in institutional vault-grade data centers
Strictly compliant with ISO27001 and S-SDLC
Hardware heterogeneity across data centers
Key Security Measures
Mandatory 2FA
Two-factor authentication required for all account logins
Ukey/SMS/Google Authenticator required
2FA mandatory for all critical operations
High-level encryption measures
Full HTTPS service adoption
High-standard security encryption algorithms for sensitive information
Fine-grained verification and authentication mechanism
Fine-grained permission design with complete verification and authentication measures
High-standard encryption algorithms for sensitive data
Transfer Whitelist Mechanism
Users can pre-configure trusted receiving addresses (whitelist). Only these approved addresses can receive transfers, preventing funds from being sent to unauthorized or unfamiliar addresses. This effectively reduces the risk of funds being transferred to malicious addresses due to operational errors or social engineering attacks.
Multi-dimensional Security Mechanisms
Management
"Security First" is integral to our culture, implemented across all activities
All employees must follow security red lines with corresponding reward and penalty systems
We are experienced security professionals
Technology
Deployment of industry-leading security products and tools
Detailed security design, coding, testing, and maintenance specifications
Over 100 security best practice rules
Process
Full implementation of S-SDLC security development process
IPDRR framework-based real-time security monitoring
Regular penetration testing
Jointly Protect Matrixport's Cybersecurity
If you discover a vulnerability in our products, or become the target of a phishing attack after using a fake version of our website, please notify the Matrixport Security Response Center immediately by sending an email to [email protected]. Thank you for your contribution to protecting our users' assets.
Acknowledgments List
John Semos
Actively provided security suggestions to Matrixport
Faisal Mehmood
Reported a Clickjacking vulnerability on Matrixport website
Lemon
Contributed materials for security education initiatives leveraging excellent drawing skills
Abhishek Karle
Reported session management and DMARC record configuration issues
Hassy
Actively provided security suggestions to Matrixport
Talha Saeed Bin Zafar Iqbal
Reported that TLS 1.0 was not disabled
Indra Juliana
Reported JS file information exposure, API interface leakage, and a Spring configuration issue
Thinking
Reported session management and DMARC record configuration issues
Karl Smith
Reported a GA binding interface call issue
John Semos
Actively provided security suggestions to Matrixport
Danyal Zafar
Reported test environment service exposure
Aman
Reported a blog profile configuration error
Indra Juliana
Reported a Spring configuration issue
Atestpk
Reported a DOM-based XSS vulnerability
Pratik
Reported a legacy service Log4j2 configuration issue
Looking forward to more reports and feedback from you