Our cold storage maintains approximately 95-98% of user funds in an offline, multisignature wallet. Transactions require 4 of 7 hardware security modules (HSMs). In the event an administrator is compromised and forced to log into the platform, a single HSM would not be sufficient to initiate a transfer of funds. Acquiring enough of these devices to access cold storage is extremely difficult.
Our hot wallet maintains only the funds necessary to fulfill withdrawals in the queue, which is approximately 2-5%. To refill the hot wallet, 4 of 7 HSMs are required to initiate a transfer from the cold wallet to the hot wallet.
NDAX uses multiple data servers that are isolated and monitored 24/7. Any malicious attack on one of the servers will automatically shut down the network and prevent any damage to the website's assets, end user information and valuables. Our security team performs a comprehensive audit of our entire stack, including a deep analysis of all source code and dependencies.
- Load balancing and fail-over routing among servers to increase performance across Canada.
- Real-time malicious traffic detection.
- Automatic inline mitigation measures.
- Leading privacy and performance through an encrypted connection.
Third Party Audits
The security team at NDAX takes security extremely seriously. In addition to routine internal audits of our infrastructure, NDAX also uses third-party services to perform various security penetration attempts. NDAX also provides a bounty for hackers who find and report a vulnerability.
Two-Factor Authentication (2FA)
Currently implemented 2FA mechanisms:
- Google Authenticator
Enabling 2FA is highly recommended to secure your account. You will need to enable 2FA in order to perform activities such as withdrawals, API connections, etc.
Send Email on Login
Receive an email each time someone logs into your account. The email will contain information about the IP address of the authenticated user and a link to freeze your account if you suspect malicious activity.
Other valuable tools:
- Detect IP Address Change.
- IP Address Whitelist.
- Login History.
- API Key permissions.
- Email Encryption with OpenPGP.
- Monitor Withdrawals by IP.
- Lock withdrawals for 24 hours when a new IP address is used.
- Suspicious Activity Detection.