Cryptocurrency Security
Military Grade Security
Methodology
At Overbit, we take cryptocurrency security very seriously. We have a dedicated and geographically distributed team monitoring and auditing our trading systems and transactions 24/7. We do not disclose details of our security team, and you will not find them mentioned on social media websites. Below, we outline some important security features that are part of the Overbit system.
Client Asset Security
100% multi-signature cold wallet
All client deposits are stored offline, in multi-signature, geographically distributed, cold storage. Access to the wallets is controlled by individuals located around the world. No crypto is stored in any Overbit office. We take no chances with our client funds.
Wallet audits
Overbit conducts a real-time audit of each transaction that takes place, as well as checks-and-balances audits on all client wallets and trades. Each client has access to their own ledger.
Transactional risk assessment
We have partnered with CipherTrace to identify high-risk wallets and exchanges from which we might receive a deposit or to which we might be required to send funds. We take a carefully measured approach to this and may halt transactions to wallets that are flagged as risky. To protect your funds, we may ask for more information.
Email confirmations for deposits and withdrawals
Each time a deposit or withdrawal is made, you will receive an email confirmation. For withdrawals, you will receive an email that requires confirmation within 10 minutes or the withdrawal expires. Each withdrawal is manually checked, and if we are not satisfied it is you, we might contact you by other means to confirm you made the withdrawal.
We do not lend your crypto
We do not lend client assets. We keep 100% reserves of all client assets at all times. Any client can withdraw all of their funds at any time.
Enterprise and data security
PGP emails
Choose how you wish to communicate with Overbit. For transaction-related emails, clients have the option of using PGP (coming soon).
No third party internal applications
All Overbit technology is proprietary to Overbit. We do not use third-party applications for any core functions such as trading. No third party has access to our internal systems.
MFA as a policy
MFA (Multi-Factor Authentication) is in our DNA. It is deployed across the enterprise. Our employees use MFA across all access points, particularly where they need access to privileged commands.
Code reviews
We employ a layered security approach to deploying code updates. All code is reviewed by at least two other engineers before it is deployed.
System security
2FA security
Use Google Authenticator or Authy or your favourite authenticator app to access the Overbit platform.
Data encryption
Overbit employs Encryption of Data at Rest and Encryption of Data in Transit. Access is strictly monitored and audited.
SSL encryption
All communication through our website, trader, API and apps is encrypted with SSL.
Bug bounty
Overbit has a bug bounty program and pays out different levels of rewards for genuine security flaws found by the community. When vulnerabilities are reported, we take immediate action.
Physical security
We use geographically distributed data centers protected by 24-hour surveillance and armed guards.
Penetration testing
We use third-party white-hat hacking services to look for flaws in our system and try to penetrate it. Where we find vulnerabilities, we take immediate action.