These measures were designed to establish an aggressive approach toward significantly limiting the attack surface of our infrastructure by making it prohibitively difficult to compromise.
Our cold storage maintains approximately 99.5% of user funds in an offline, multisignature wallet, requiring 4 of 7 hardware security modules (HSMs) held by globally distributed management team members to approve all transactions. In the event an administrator is compromised and forced to log into the platform, a single HSM would not be sufficient to initiate a transfer of funds. The challenge of acquiring enough of these devices to access cold storage is tantamount to impossible.
Our hot wallet maintains only the funds necessary to fulfil withdrawals in the queue, approximately 0.5%. To refill the hot wallet, 4 of 7 HSMs are required to initiate a transfer from the cold wallet to the hot wallet.
Bitfinex migrated to a new data server and our expanded security team performed a comprehensive audit of our entire stack, including a deep analysis of all source code and dependencies.
- Intelligent load balancing and failover routing among servers to increase performance
- Real-time malicious traffic detection blocks malicious server requests
- Automatic inline mitigation measures decrease latency and increase uptime
- Leading privacy and performance through encrypted connections with HTTPS TLS 1.3
Routine penetration testing is performed to preserve the integrity of our systems under endless attack scenarios.
- Always Up-to-Date Linux Systems to Host the Platform
- Daily Automatic Encrypted Database Backups to Multiple Off-site Locations
- Encrypted User Password Storage
The security team at Bitfinex continues to audit protocol implementation at every level of the platform in order to maintain an inherently hostile environment toward intrusion, and further employs routine external security audits.
INDIVIDUAL USER SECURITY
Bitfinex provides a strong portfolio of user-determined security measures, and we encourage all users to review our Greenlane Conditions which significantly increase personal security, reduce the required number of confirmations for cryptocurrency deposits, and prioritize withdrawals through automatic processing.
Two-Factor Authentication (2FA)
We implemented the following mechanisms of 2FA:
- Google Authenticator on Android and iOS devices
- Physical Security Key using FIDO Universal 2nd Factor (U2F)
Enabling 2FA places a second level of security between an attacker and withdrawal confirmations, password changes, API key creation, and logins.
In addition, as a cautionary step, all accounts that have not implemented Two-Factor Authentication (2FA) measures will receive an email from our system with a link to access their account.
Keep Session Alive
When logged in and inactive, the browser will ping the platform every 10 minutes to keep the session alive. If disabled, the session will expire after 30 minutes of inactivity and the user’s account will be automatically logged out.
Send Email on Login
Receive an email each time someone logs into your account. The email will contain information about the IP of the authenticated user and a link to freeze your account if you suspect malicious activity.
Detect IP Address Change
If the IP address used to access a user’s account changes on any request, all open sessions will be immediately invalidated and the account will be automatically logged out. This prevents session hijacking.
IP Address Whitelist
Limit account access by IP address. Users can provide one or more IP addresses and/or specify an IP range. Anyone without access to the whitelisted IPs is denied use of the account.
Each login to a user’s account is saved and can be personally audited.
API Key Permissions
Create API keys with advanced read/write permissions on a per-feature basis.
Email Encryption with OpenPGP
Pretty Good Privacy (PGP) is a data encryption and decryption program that provides cryptographic privacy and authentication for correspondence. It uses a variation of the public key system.
Monitor Withdrawals by IP
If a withdrawal is requested from a new IP address, the account holder will receive an email asking to review and verify the withdrawal. The period of distrust for IP changes is 24 hours.
Lock withdrawals for 24 hours when a new IP address is used
When a new IP address is used to log into a user’s account, all withdrawals will be locked for 24 hours and the user will receive an email notification with a link to freeze the account for activity review.
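One way the IP whitelist and the 24-hour lock on withdrawals after a login from a new IP, both described above, could be enforced server-side. This is an added example, not Bitfinex's code; the `Account` class, the function names and the sample addresses (documentation ranges) are assumptions.

```python
import ipaddress
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

DISTRUST_PERIOD = timedelta(hours=24)  # lock length stated on the page

@dataclass
class Account:  # hypothetical model, not Bitfinex's schema
    whitelist: list = field(default_factory=list)  # empty list = whitelist disabled
    known_ips: set = field(default_factory=set)    # IPs already seen at login
    locked_until: Optional[datetime] = None        # withdrawals blocked before this

def parse_whitelist(entries):
    """Accept single addresses and CIDR ranges; a bare address becomes /32 or /128."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]

def ip_allowed(account, ip):
    addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
    return not account.whitelist or any(addr in net for net in account.whitelist)

def on_login(account, ip, now):
    """Return 'denied', 'ok', or 'ok_withdrawals_locked' for a login from ip."""
    if not ip_allowed(account, ip):
        return "denied"
    canonical = str(ipaddress.ip_address(ip))  # normalise before comparing
    if canonical not in account.known_ips:
        account.known_ips.add(canonical)
        account.locked_until = now + DISTRUST_PERIOD  # new IP: start the 24 h lock
        return "ok_withdrawals_locked"
    return "ok"

def can_withdraw(account, ip, now):
    """Withdrawals need a whitelisted IP and no active new-IP lock."""
    if not ip_allowed(account, ip):
        return False
    return account.locked_until is None or now >= account.locked_until

if __name__ == "__main__":
    # Constructed sample data using documentation address ranges.
    acct = Account(parse_whitelist(["203.0.113.0/24", "198.51.100.7"]), {"203.0.113.10"})
    t0 = datetime(2024, 1, 1, 12, 0)
    print(on_login(acct, "203.0.113.10", t0))
    print(on_login(acct, "198.51.100.7", t0))
    print(can_withdraw(acct, "198.51.100.7", t0 + timedelta(hours=23)))
    print(can_withdraw(acct, "198.51.100.7", t0 + timedelta(hours=24)))
```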
Custom Withdrawal Check
Add a secret phrase to the withdrawal confirmation image. When enabled, users will see a tamper-proof image that confirms the details of a withdrawal and includes the secret phrase. This additional redundancy ensures your withdrawal details have not been compromised by malware or a man-in-the-middle attack.
Lock/Disable Withdrawal Addresses
Set a specific withdrawal address for each currency or disable withdrawals for a currency altogether. Changing or disabling the address lock requires confirmation by email and will begin an automated 5-day withdrawal hold on the account.
SUSPICIOUS ACTIVITY DETECTION
Suspicious activity detection is both automated by our security infrastructure and manually reviewed by our security team. This process involves the user’s participation by reviewing activities such as password resets, 2FA removal requests, geolocation, and user hardware/software specifics.
Our security team monitors activity patterns and recognizes deviations that could significantly change the status of account balances for a user, such as withdrawal requests for entire accounts, requests to change usernames, associated email addresses, and withdrawal addresses.
These mechanisms are not intended to dictate account usage; rather, they are designed specifically as measures of due diligence while users engage with the Bitfinex platform.