This new and exciting time in cryptocurrencies & digital assets constantly reminds us of the challenges that platforms and users face daily. Anything of value becomes a target in our modern world, highlighted time and time again. This doesn’t mean we should fear cryptocurrency which is clearly becoming the future of value transfer, but it does mean we all must trust only as much as necessary, otherwise, how much better off are we from where we came from?
With decentralized exchanges still feeling underwhelming, at ChainRift, we’re moving to continually improve by developing a ‘trust minimized’ platform. We believe this is the best option for ensuring users’ assets are safe, because users will have full access to their private keys, yet this model will maintain compliance with national regulations and ensure all of our users continue to have access to the quality level of support we pride ourselves on.
We’re of course conscious of the landscape, and whenever we hear of other platforms suffering from breaches or hacks we make sure we try to understand as best we can: to learn from the community we’re a part of.
Our developers deeply understand security and cryptography, and we’ve harnessed their knowledge to implement this deep within our platform’s operation. As with many cryptocurrencies such as Bitcoin, we only store the public key for your API. This has a profound effect on the security and integrity of our system, as it ensures your private keys are as safe as you make them (since they are in your control), and in a worst-case scenario where we’re breached, since we cannot access them, neither can a hacker.
There is no downside to this implementation and in our opinion, this method ensures a high standard of safety for users. If you forget your password credentials the only thing we can do is reset your API key, which might be slightly inconvenient, especially in complex bot set-ups, but is an easily justifiable trade-off. We’re certain this is the best course of action, and we’re reminded last week that this is the right decision, in light of another significant trading platform’s hack and breach.
Phishing also contributes to these kinds of attacks, and our anti-phishing string or phrase is effective in mitigating some of these risks. The security string or phrase appears every time you log in once you’ve set this up via your profile, as well as on each email communication from us. If you do not see the phrase you’ve entered, or if it’s different from the one you chose on setup, it likely means that you have encountered a malicious phishing site and you should contact our support team as soon as possible.
One of the best security features of our exchanges lies deep within the trading engine. We employ an audit system that ensures all user balances uses cryptography for constantly checking database integrity. This is something we believe is quite unique within the digital assets trading platform space and something which maintains security best when we don’t talk about it! We know you’ll understand.
We have IP address whitelisting, in case you’ve got a VPN or static IP address that you use for accessing your ChainRift account. This adds another layer of security to your account and your assets. It’s important to layer security, to ensure that no one single issue will result in a breach. IP address whitelisting can be a powerful layer to add, and we do recommend you utilize this feature if you use a static IP.
Users have a significant amount of control over their settings, including the ability to set custom session expiration times. If you’re someone who logs in once or twice a day to check on your orders, and know that you get things set in 15 or 20 minutes (all business!), then setting your sessions to expire after 30 minutes would be perfect, and will ensure if you’re ever pulled away from the session, you’re automatically logged out, relocking your account!
Two-factor authentication (2FA) is starting to see a good amount of implementation, which we love. For your security, once you’ve set up your 2FA device it will apply to all important actions, for example, the withdrawal of assets. We’re still shocked that many banks and traditional financial institutions do not allow for industry-leading 2FA on your online accounts. Additionally you’ll need to confirm withdrawals via your email (from within the browser your current session is on!); however, we understand this might logistically impede some uses (such as arbitragers!) therefore you can turn this off if for specific IP addresses you’ve whitelisted.
The account and transactional security is all one thing, but the actual asset protection is another. We have strict fund security using hot and cold wallet logics, as well as tight server security. Our security is continuously being improved, and our design keeps with industry best practices. We can’t go further into the real back end since, well, it would be bad security practice! But it’s something at ChainRift we take extremely seriously, so much so that if there are any issues you can contact our security team and claim a bug bounty!
We’re all in this together, and our goals are big. We’re going to continue to push forward in our dream of creating a platform that gives users the control we, as believers ourselves in cryptocurrency ourselves, are certain is the reason we’re all here in this space, to begin with. Our team analyzes our platform at every opportunity and the recent major breach suffered by another platform prompts us to re-examine our security measures and never become complacent.