Security Overview. CODEX Finds Integrity
In light of the recent hacking attacks on multiple cryptocurrency exchanges, there is only one thing left to do: fight for your security in every possible way.
We at CODEX have thought thoroughly about the integrity of our systems and tried to mitigate all risks associated with unauthorized access to our service. We have also worked hard to implement security functions that traders can use to protect their own accounts.
Takeaway: A Cybersecurity Audit
A couple of weeks ago, we successfully partnered with Hacken Ecosystem, a cybersecurity company that helped us to run a series of vulnerability tests for our web platform, such as:
- Session Management
- Input Manipulation
- Output Manipulation
- Information Leakage
- Other Tests
Running this audit was essential: as a result, we fixed some minor web-specific flaws. We also received a very high security mark of 10/10, which can be considered rare in this industry.
Bug Bounty Program
Where a team of dozens of professional developers can’t spot an issue, hundreds of people definitely can. We recently launched our bug bounty program on our partner’s platform, Hackenproof. Unexpected vulnerabilities will now be fixed much faster, preventing parts of the service from malfunctioning. CODEX and Hackenproof call for ethical hackers here: https://blog.hackenproof.com/program-launches/codex-launches-bug-bounty-program-on-hackenproof/. If you are one of those professionals who can test our exchange, please join!
Small Recap — More Things Were Integrated
Furthermore, we decided to reinforce API security by implementing the EdDSA algorithm, which allows us to store only a public key. Compared to other services, we do not store private keys; a private key is shown only once, when it is initially generated.
Scatter Passwordless Authentication
As an additional function, we have implemented passwordless authentication through the Scatter cryptocurrency wallet. It lets users avoid basic login options such as email and password, decreasing the risk of having their login data compromised.
Besides basic security features like Google and SMS 2FA, we have implemented a handy backup codes function in case you completely lose access to your phone, email or even Scatter. You can also track your sessions effectively, preventing unauthorized access. Moreover, we have overhauled our automatic security systems, which will notify you by email if there is suspicious activity associated with your account.
Furthermore, we are planning to conduct frequent cybersecurity audits, checking the exchange against various attack vectors and ensuring the integrity of our systems. We are currently working hard on additional security features and measures that will be integrated in the near future.