[CoinW Platform Introduction]
CoinW is a world-class comprehensive crypto asset trading platform, founded in 2017 by veterans in cryptocurrency, cybersecurity and finance. It has set up 16 localized trading service centers in 13 countries around the world, providing spot and contract services to over 9 million users worldwide.
As a global digital financial service platform focusing on blockchain asset trading, CoinW has been adhering to the service tenet of "empowering the transformation of blockchain technology and finance" and "helping users to increase their wealth" since its establishment five years ago, continuously optimizing its product line, innovating We are leading the new trend of crypto asset industry and promoting blockchain technology and crypto assets to link the world and the future. We believe in comprehensive, rigorous and secure measures, and will not compromise security for convenience. Protecting user information and capital security is the top priority of our platform. The following will publicize the CoinW platform security strategy to our users from many aspects, including user account security measures, risk management system, and security protection measures.
[User account security measures]
1、Multiple identity verification
Login, API key generation and coin withdrawal require multiple verification using cell phone verification code, Google Authenticator, Twilio or U2F security key.
2、Advanced tools are used to monitor the integrity of the account
(1) IP data of each customer login will be recorded and saved, compared, and analyzed for abnormal activities.
(2) If the number of times a customer enters a password before successfully logging in exceeds a limited number of times, the customer is notified by email to indicate the risk.
(3) Intelligent system detects IP address changes to prevent session hijacking.
3、Security protection for coin recharge and withdrawal
(1) The automatic coin recharge and withdrawal system is monitored by operation logs and other user behavior patterns, and will trigger manual checks from administrator in case of abnormal coin recharge and withdrawal.
(2) The small amount automatic coin withdrawal system is safe and fast, with customizable whitelist addresses to ensure the safety of coin withdrawals, and the coin withdrawal confirmation step is not affected by malicious browser software.
(3) Advanced and secure approval chain, risk policy engine controls the security and transparency of digital assets. By setting specific rules and filters to approve transactions before they are sent to the blockchain, it reduces the risk of fraud and unauthorized activity, ensuring that assets are as safe as possible.
4、Cryptocurrency storage
(1) MPC (Multi-Party Computing) wallet is used to manage on-chain transactions.
(2) Trusted execution environment with a military-grade security chip ensures that private keys are never connected to the Internet, protecting your crypto assets from hackers and cyber attacks.
(3) The vast majority of system funds are stored in offline cold wallets, and funds in offline cold storage require multiple signatures from several of our senior members to access.
[Comprehensive Risk Management System]
1、Risk map: Based on the basic information base, spatial dimensional operation is performed based on merchant call data to generate user activity area and risk distribution territory.
2、Strategy configuration: visual rule function management page, you can configure risk rules for relevant event scenarios, analyze user transaction behavior, and focus on monitoring.
3、Event management: multi-dimensional risk event warning management, batch query, detailed data query.
4、Relationship mapping: draw user relationship network based on user information, combine with the risk control engine, discover related accounts, and perform user relationship network evaluation, establish user relationship network model, and explore risks.
5、Platform linkage: The risk control system automatically identifies risks according to preset rules and engines, and gives certain analysis and suggestions, linking with business platforms to provide functions such as release, warning, challenge, blocking and pushing manual audit.
[All-round security protection]
1、WAF protection
(1) the use of rules "engine + AI engine" dual-engine protection model, a large amount of attack and defense data combined with AI algorithms to form a dynamic intelligent attack model;
(2) support malicious advertising detection and interception, mining, JS detection and other value-added features;
2、DDOS protection
(1) For network layer attacks, the use of heterogeneous protection mode, real-time monitoring and analysis of data messages, real-time and efficient blocking of attack messages;
(2) For application layer attacks, use threat intelligence database, IP black and white list, IP access frequency control, log self-learning, human verification and other means to identify abnormal requests and block them;
3、BOT Guard protection
Based on intelligence database, access control, trap induction, human-machine interaction, machine learning and other technologies, real-time detection and analysis of business traffic, and the use of reasonable management strategies for different BOT traffic;
4、Security Acceleration
Externally provide efficient, available and safe acceleration link solutions, and can process targeted links according to user requests to ensure the stability and real-time of user transactions;
5、System security
(1) The optimal Linux system hosting platform.
(2) Our server network is always protected with the latest and optimal software and best practices.
6、Automatic database backup
The platform's database will be backed up, encrypted and compressed into an archive at a frequency of once a day.
7、Automatic creation of backup data copies
After the new backup is ready (database, log files, etc.), it will be sent to other servers in multiple locations.
8、Internal firewall mechanism and regular upgrade
(1) Protection against DDoS attacks.
(2) We have automatic protection against distributed denial of service attacks, which can ensure that transactions will not be stopped by outside attacks.
[Cooperation with HaperLab for platform security]
HaperLab is an Australian-based security company focused on the blockchain ecosystem, securing the CoinW platform.
Its trusted execution environment with a military-grade security chip ensures that private keys are never connected to the internet, protecting your crypto assets from hackers and cyber attacks.
Manage on-chain transactions with MPC (Multi-Party Computing) wallets. MPC is a way to sign transactions without using private keys. Instead, it uses separate key fragments created by different people who do not need to trust each other. This allows no one to own the entire key. Transactions are signed with a single signature, and key segments are never shared publicly or with anyone other than the person who created them.
Advanced and secure approval chain, the risk policy engine controls the security and transparency of digital assets. By setting specific rules and filters to approve transactions before they are sent to the blockchain, it reduces the risk of fraud and unauthorized activity, ensuring that assets are as safe as possible.
The CoinW platform is protected by multiple protections for authentication, permission verification, approval processes, trusted execution environments, MPC signature certification and on-chain processing. Using MPC technology ensures that transactions are secure and private, giving you peace of mind.
CoinW Team
April 21, 2023