Security

Military Grade Security

Client Asset Security

100% Multi-signature Cold Storage

All client deposits are stored offline, in multi-signature, geographically distributed, cold storage. Access to the wallets is controlled by individuals located around the world. No crypto is stored in any Overbit office. We take no chances with our client funds. 

Wallet Audits

Overbit conducts a real-time audit for each transaction that takes place - and checks and balance audits on all client wallets and trades. Each client has access to their own ledger.

Transaction Risk Assessment

We have partnered with Coinfirm to identify high-risk wallets and exchanges where we might receive a deposit from or required to send funds to. We take a carefully measured approach to this and may halt transactions to wallets that are flagged up as risky. To safely protect your funds, we may ask for more information.

Email confirmations for deposits and withdrawals

Each time a deposit or withdrawal is made, you will receive an email confirmation. For withdrawals, you will receive an email that requires confirmation within 10 minutes or the withdrawal expires. Each withdrawal is manually checked and if we are not satisfied it is you, we might contact you in other means to confirm you made a withdrawal.

We do not lend your crypto

We do not lend client assets. We keep 100% reserves of all client assets at all times. Any client can withdraw all of their funds at any time.

Enterprise and Data Security

PGP Emails

Choose how you wish to communicate with Overbit. For transaction related e-mails, clients have the option of using PGP (coming soon).

No third party internal applications

All Overbit technology is proprietary to Overbit. We do not use 3rd party applications for any core functions such as trading. No third party has access to our internal systems.

MFA as a policy

MFA (Multi-Factor Authentication) is in our DNA. It is deployed across the enterprise. Our employees use MFA across all access points, particularly where they need access to privileged commands.

Code reviews

We employ a layered security approach to deploying code updates. All code is reviewed by at least two other engineers before it is deployed.

System Security

2FA Security 

Use Google Authenticator or Authy or your favourite authenticator app to access the Overbit platform.

Data Encryption

Overbit employs Encryption of Data at Rest and Encryption of Data in Transit. Access is strictly monitored and audited.

SSL encryption

All communication through our website, trader, API and apps is encrypted with SSL.

Bug Bounty

Overbit has a bug bounty program and pays out different levels of rewards for genuine security flaws found by the community. When vulnerabilities are reported, we take immediate action. 

Physical security

We use geographically distributed data centers protected by 24 hours of surveillance and armed guards.

Penetration Testing

We use third party white hacking services to look for flaws in our system and try and penetrate it. Where we find vulnerabilities, we take immediate action.