Tiered Wallet Architecture
Assets are protected through a combination of hot/cold separation, HSM key management, and threshold multi-signature schemes. Large institutional operations progressively incorporate MPC enhancement.
Cold / Hot Separation
The majority of user assets are held in cold storage, physically isolated from internet-connected systems. Only a carefully managed portion remains in hot wallets for operational liquidity.
HSM Key Custody
Hardware Security Modules are used for cryptographic key storage and signing operations, providing tamper-evident protection that prevents unauthorized access even under physical compromise.
Multi-Signature / Threshold
Critical transactions require multiple independent cryptographic signatures. Threshold signature schemes eliminate single points of failure in key management and signing operations.
MPC (Multi-Party Computation) Enhancement
For institutions and large-scale operations, we are progressively introducing MPC-based solutions. MPC enables dynamic threshold adjustments without rebuilding addresses, reduces single-point risk, and optimizes on-chain costs. Adoption in institutional custody has been growing year over year as the industry matures toward decentralized key management.
Self-Developed Low-Latency Engine
Our proprietary matching engine is built on order sequence consistency as its foundational constraint, with redundancy and failover at every critical node.
- Partitioning & Horizontal Scaling: Supports partition sharding and horizontal expansion to handle increasing load without compromising order integrity or sequence consistency.
- Failover & Redundancy: Redundancy is deployed at all critical nodes. Clearing pathways are separated from fund accounts to prevent cascading failures.
- Transactional Rollback: Major changes are equipped with transactional switches and rapid rollback capabilities, enabling fast recovery from unexpected states.
- Pre-Matching Validation: A rules engine validates orders before matching, ensuring order quality and preventing malformed or malicious submissions from reaching the engine.
- Post-Matching Monitoring: Continuous monitoring after match execution detects abnormal patterns, volatility anomalies, and potential market manipulation in real time.
- REST / WebSocket / FIX: All API interfaces use signature verification and tiered rate limiting. Market makers and quantitative institutions have access to joint debugging sandboxes.
Default-Secure Account Configuration
Every account is protected by a layered set of security defaults, mandatory for all users, with additional controls available for institutions and high-value accounts.
Mandatory 2FA
Two-factor authentication is required for all accounts without exception. Users may not disable 2FA once enabled, ensuring a consistent security baseline across the platform.
Device Trust Management
Unknown devices trigger verification flows and remote login alerts. Device trust lists are maintained per account, with immediate notification of unrecognized access attempts.
Withdrawal Controls
Large withdrawals trigger behavioral scoring and time delays before execution. Withdrawal whitelists and address verification ensure funds only move to confirmed destinations.
Behavioral Detection
Abnormal login and withdrawal behavior triggers interception and secondary confirmation. "Silent success" is never prioritized over user protection during login or transaction flows.
Large-Amount Delays
Withdrawals above configurable thresholds are subject to time-locked delays, linked to behavioral scoring. This provides a recovery window in the event of account compromise.
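The withdrawal controls and large-amount delays described above, combined into one decision procedure. This is an added illustration, not the platform's own code; the tier thresholds, the risk-score cut-off and the scaling of the hold by risk score are hypothetical values chosen for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constructed policy (hypothetical values): amount tiers and the base hold each triggers.
DELAY_TIERS = [(1_000, timedelta(0)), (10_000, timedelta(hours=1)), (float("inf"), timedelta(hours=24))]
BLOCK_SCORE = 0.9  # behavioural risk score at or above which the request is intercepted

@dataclass
class Decision:
    status: str                          # "reject", "intercept", "execute" or "hold"
    reason: str
    release_at: Optional[datetime] = None  # when a held withdrawal may execute

def evaluate_withdrawal(amount: float, dest: str, whitelist: set[str],
                        risk_score: float, now: datetime) -> Decision:
    # 1. Funds only move to confirmed destinations: the address must be whitelisted.
    if dest not in whitelist:
        return Decision("reject", "destination not on withdrawal whitelist")
    # 2. Abnormal behaviour is intercepted for secondary confirmation before any hold logic.
    if risk_score >= BLOCK_SCORE:
        return Decision("intercept", f"risk score {risk_score:.2f} requires secondary confirmation")
    # 3. Base hold comes from the amount tier; a higher risk score lengthens the recovery window.
    base = next(delay for ceiling, delay in DELAY_TIERS if amount < ceiling)
    if base == timedelta(0):
        return Decision("execute", "below large-amount threshold")
    hold = base * (1 + risk_score)
    return Decision("hold", f"time-locked for {hold}", release_at=now + hold)

def can_cancel(decision: Decision, now: datetime) -> bool:
    # The account owner (or a recovery process) may cancel any time before release.
    return decision.status == "hold" and decision.release_at is not None and now < decision.release_at

# Constructed sample request: a mid-tier withdrawal from a moderately unusual session.
NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE = evaluate_withdrawal(5_000, "addr-whitelisted", {"addr-whitelisted"}, 0.5, NOW)
```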
Scam & Phishing Education
Anti-fraud education is integrated into the registration flow. Users learn to identify official vs. counterfeit channels before completing their first transaction.
Verifiable Asset Proof (PoR)
We are building toward a transparent, verifiable proof-of-reserves framework based on Merkle tree snapshots and third-party method reviews, with a roadmap toward zero-knowledge proof integration.
- Merkle Tree Snapshots: Current PoR is based on Merkle tree asset snapshots, allowing users to verify inclusion of their balance without exposing other users' data.
- Third-Party Method Review: Our PoR methodology is reviewed by independent third parties to validate correctness of the approach, not just the result.
- Zero-Knowledge Proof Roadmap: We are monitoring industry adoption of zk-SNARK/zk-STARK for PoR, with interfaces reserved in our technical architecture for future integration.
Important Scope Note
Proof-of-Reserves is a verifiable snapshot demonstrating that on-chain assets meet or exceed user liability balances at a given point in time. PoR is not a substitute for a full financial audit. We are transparent about this boundary in all our disclosures; our goal is to provide verifiable trust, not misleading certainty.
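A worked example of the Merkle snapshot and the liability figure the scope note refers to. This is added illustration, not the platform's own PoR code: it generalizes the plain Merkle tree described above to a Merkle sum tree, so the published root carries the total user liability alongside the hash, and it assumes salted leaves (per-user secret salt) and a zero-balance padding node, neither of which the page specifies.

```python
import hashlib

Node = tuple[bytes, int]  # (hash, balance sum)
EMPTY: Node = (hashlib.sha256(b"empty").digest(), 0)  # zero-balance pad for odd levels

def _h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def _enc(n: int) -> bytes:
    return n.to_bytes(16, "big")

def make_leaf(user_id: str, balance: int, salt: bytes) -> Node:
    # The per-user salt (assumed) blinds identity, so a sibling hash appearing
    # in someone else's proof reveals nothing about this user.
    return _h(b"leaf", salt, user_id.encode(), _enc(balance)), balance

def make_parent(left: Node, right: Node) -> Node:
    # A node commits to both children's hashes and balance sums, so the root
    # sum is the total user liability that on-chain reserves must cover.
    return _h(b"node", left[0], _enc(left[1]), right[0], _enc(right[1])), left[1] + right[1]

def build_tree(leaves: list[Node]) -> list[list[Node]]:
    # Returns every level, bottom first; levels[-1][0] is the root.
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        lvl = levels[-1]
        if len(lvl) % 2:
            lvl = lvl + [EMPTY]
        levels.append([make_parent(lvl[i], lvl[i + 1]) for i in range(0, len(lvl), 2)])
    return levels

def inclusion_proof(levels: list[list[Node]], index: int) -> list[tuple[Node, bool]]:
    # Sibling path from leaf to root; the bool says whether the sibling sits on the right.
    path = []
    for lvl in levels[:-1]:
        if len(lvl) % 2:
            lvl = lvl + [EMPTY]
        path.append((lvl[index ^ 1], index % 2 == 0))
        index //= 2
    return path

def verify_inclusion(root: Node, user_id: str, balance: int, salt: bytes,
                     path: list[tuple[Node, bool]]) -> bool:
    # A user recomputes their own leaf and folds in the published siblings. Rejecting
    # negative sibling sums stops an operator from hiding liabilities inside the tree.
    node = make_leaf(user_id, balance, salt)
    for sibling, sibling_is_right in path:
        if sibling[1] < 0:
            return False
        node = make_parent(node, sibling) if sibling_is_right else make_parent(sibling, node)
    return node == root

# Constructed sample snapshot (not real exchange data); the operator publishes ROOT.
SNAPSHOT = [("u1", 50, b"s1"), ("u2", 20, b"s2"), ("u3", 70, b"s3"), ("u4", 10, b"s4"), ("u5", 5, b"s5")]
LEVELS = build_tree([make_leaf(u, b, s) for u, b, s in SNAPSHOT])
ROOT = LEVELS[-1][0]  # (root hash, total liabilities); each user checks only their own leaf
```

Comparing ROOT's sum against the on-chain asset total is the snapshot check the scope note describes; it says nothing about liabilities omitted from the snapshot, which is why a method review and, eventually, a full audit remain necessary.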
End-to-End Monitoring & Disaster Recovery
We maintain constant observability across all systems and conduct regular exercises to ensure recovery capabilities are real, not theoretical.
Capacity Stress Testing
Regular load and stress tests are conducted against production-equivalent environments to identify bottlenecks before they become incidents.
Multi-Region Disaster Recovery
Multi-region failover drills are conducted routinely (a standing practice since May 2024). Rollback processes are fully standardized and regularly rehearsed.
Public Status Page
Key events and timelines are disclosed on our status page using standardized templates. Root cause summaries are published after major incidents so external parties can evaluate our response.