Protecting your assets
We protect the security of your assets by using secure hot and cold wallet systems with multiple approvals and multiple backups.
Our security design philosophy
Multiple signature mechanisms are implemented to ensure that transactions require the verification and signatures of multiple parties. This mitigates the risks of insider threats or a single point of compromise.
While a portion of assets remain in hot wallets to optimize transaction efficiency, the majority of assets are stored completely offline in cold wallets, protecting them from network attacks. This greatly reduces the risk of hacking and keeps all assets in cold wallets secure even if hot wallets are compromised.
Every transaction undergoes multiple layers of risk checks to identify suspicious transactions or withdrawal activities in real time. Coupled with whitelisted address verification and dynamic transaction limits, we ensure that our system operates securely and efficiently.
Our hot wallet
Our hot wallet system implements multiple technical features to provide a seamless withdrawal experience while ensuring your asset security.
Secure hot wallet design
Crypto exchanges require instant access to assets to support users' withdrawal needs. Relying solely on cold wallets is far from sufficient to meet user needs. The hot wallet is therefore essential to enable instant access to assets.
Because hot wallets are connected to the internet, operating them safely can be challenging. We have therefore developed our own semi-offline multi-signature mechanism, which supports daily deposits and withdrawals effectively in a highly secure environment.
Hot wallet design principles
To better secure against offline physical attacks, our semi-offline devices store private keys in volatile memory instead of non-volatile memory.
We don't use typical TCP/IP when processing transactions. Instead, we've developed a semi-offline signature mechanism, a special protocol protecting against cyber attacks.
Transfers from our wallet system require signing from multiple keys stored in separate geographic locations, preventing a single point of compromise.
We plan for the unexpected before it happens—private keys have multiple backups with various emergency response plans.
How do we securely manage our hot wallet?
Private keys management
Private keys are randomly generated, encrypted and stored on devices that can be accessed only when multiple authorized personnel act together. All backups of these keys are stored in secure vaults in different locations.
If any private key holder has an accident that risks permanent loss of access to the private key, a backup key is activated within hours. In the event of a compromise, security measures are immediately taken to remove access of existing private key holders, and a new private key holder will be designated afterwards. For temporary duty absences, the corresponding response plan is activated to resume operations.
Risk control and transaction security
The risk management system reviews all deposit transactions based on the following criteria:
- Whether the customer's funds originate from a blacklisted address
- Whether the transaction on blockchain has enough confirmations
- Whether the transaction fails risk control rules
- Whether the user account shows signs of abnormal behaviors
Semi-offline multiple signature mechanisms are adopted for transaction signing. Transactions also have to pass risk control checks before being processed for signing. To safeguard against unauthorized access, even in the case of a physical attack or leakage, all private keys are stored in the devices' volatile memory in multiple secure locations.
While hot wallets optimize transaction efficiency, we have a cold wallet system holding the majority of your assets to provide the maximum level of protection.
Our cold wallet
OKX ensures the cold wallets are secure through sophisticated security mechanisms and offline storage of the majority of assets.
Secure cold wallet design
Because they are connected to the internet, hot wallets might still be exposed to network-based attacks, which may pose risks to wallet security. This concern can be effectively addressed by the use of offline cold wallets. By keeping private keys offline and never exposing them to the internet, we’re able to ensure the safety of funds holistically.
Cold wallet design principles
Anything connected to the internet is inherently vulnerable. That's why we keep the majority of all funds in our offline, air-gapped cold wallet system.
Security-hardened storage media are employed to prevent virus implantation.
Access to our cold wallet system requires confirmation from multiple authorized personnel.
Unexpected and unforeseeable events may happen. Our architecture offers multiple offsite backups to reduce risk. We use secure vaults requiring in-person access for custody.
How do we securely manage our cold wallet?
Private keys management
Cold wallet addresses with private keys are generated on offline devices, where they are encrypted using Advanced Encryption Standard (AES). Unencrypted versions of the private keys are never stored.
The encrypted private keys are stored in offline devices located within secure vaults. Additional private key backups are created and stored in vaults in separate locations.
Risk control and transaction security
To further strengthen security against unauthorized access, we ensure only limited authorized employees are granted access to vaults, and implement segregation of duties.
Cold wallet assets are stored across multiple addresses, with limits on the amount of assets that each address can hold, so that the overall loss stays limited even if individual addresses are compromised.
For cold wallet withdrawals, decryption is first performed on encrypted private keys. The transactions are then signed on the offline devices, and transferred via a secure mechanism to the online devices for broadcasting. Transactions will be verified to ensure they’re sent to the correct addresses that are whitelisted in advance.
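The pre-broadcast verification described above can be sketched as follows; this is an added illustration, not OKX's code, and it goes beyond the whitelist check by also enforcing the requirement stated earlier that approvals come from keys held in separate locations. All key ids, locations, secrets and addresses are constructed, and HMAC-SHA256 stands in for real public-key transaction signatures, so the verifier here holds secrets it would not hold in a real deployment.

```python
import hashlib
import hmac
import json

# Constructed sample data: key ids, locations, secrets and addresses are hypothetical.
SIGNERS = {
    "key-a": {"location": "vault-1", "secret": b"constructed-secret-a"},
    "key-b": {"location": "vault-2", "secret": b"constructed-secret-b"},
    "key-c": {"location": "vault-2", "secret": b"constructed-secret-c"},
}
WHITELIST = {"addr-hot-wallet-1"}  # destinations approved in advance
REQUIRED_LOCATIONS = 2             # quorum is counted in distinct locations, not keys


def canonical(tx):
    """Serialize the transaction deterministically so every signer covers the same bytes."""
    return json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()


def approve(key_id, tx):
    """Stand-in for an offline signer: HMAC-SHA256 tag instead of a chain signature."""
    return hmac.new(SIGNERS[key_id]["secret"], canonical(tx), hashlib.sha256).hexdigest()


def verify_before_broadcast(tx, approvals):
    """Return (ok, reason); approvals maps key_id -> hex tag over the canonical tx."""
    if tx["to"] not in WHITELIST:
        return False, "destination not whitelisted"
    locations = set()
    for key_id, tag in approvals.items():
        signer = SIGNERS.get(key_id)
        if signer is None:
            continue  # approvals from unknown keys never count toward the quorum
        expected = hmac.new(signer["secret"], canonical(tx), hashlib.sha256).hexdigest()
        if hmac.compare_digest(expected, tag):  # constant-time comparison
            locations.add(signer["location"])
    if len(locations) < REQUIRED_LOCATIONS:
        return False, "quorum not met"
    return True, "ok"
```

Because every approval covers the canonical bytes of the whole transaction, changing the amount or destination after signing invalidates the approvals, and two keys from the same vault count as one location.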