100% Multi-signature Cold Storage
All client deposits are stored offline, in multi-signature, geographically distributed, cold storage. Access to the wallets is controlled by individuals located around the world. No crypto is stored in any Overbit office. We take no chances with our client funds.
Overbit conducts a real-time audit for each transaction that takes place - and checks and balance audits on all client wallets and trades. Each client has access to their own ledger.
Transaction Risk Assessment
We have partnered with Coinfirm to identify high-risk wallets and exchanges where we might receive a deposit from or required to send funds to. We take a carefully measured approach to this and may halt transactions to wallets that are flagged up as risky. To safely protect your funds, we may ask for more information.
Email confirmations for deposits and withdrawals
Each time a deposit or withdrawal is made, you will receive an email confirmation. For withdrawals, you will receive an email that requires confirmation within 10 minutes or the withdrawal expires. Each withdrawal is manually checked and if we are not satisfied it is you, we might contact you in other means to confirm you made a withdrawal.
We do not lend your crypto
We do not lend client assets. We keep 100% reserves of all client assets at all times. Any client can withdraw all of their funds at any time.
Choose how you wish to communicate with Overbit. For transaction related e-mails, clients have the option of using PGP (coming soon).
No third party internal applications
All Overbit technology is proprietary to Overbit. We do not use 3rd party applications for any core functions such as trading. No third party has access to our internal systems.
MFA as a policy
MFA (Multi-Factor Authentication) is in our DNA. It is deployed across the enterprise. Our employees use MFA across all access points, particularly where they need access to privileged commands.
We employ a layered security approach to deploying code updates. All code is reviewed by at least two other engineers before it is deployed.
Use Google Authenticator or Authy or your favourite authenticator app to access the Overbit platform.
Overbit employs Encryption of Data at Rest and Encryption of Data in Transit. Access is strictly monitored and audited.
All communication through our website, trader, API and apps is encrypted with SSL.
Overbit has a bug bounty program and pays out different levels of rewards for genuine security flaws found by the community. When vulnerabilities are reported, we take immediate action.
We use geographically distributed data centers protected by 24 hours of surveillance and armed guards.
We use third party white hacking services to look for flaws in our system and try and penetrate it. Where we find vulnerabilities, we take immediate action.