The recent security breach at one of India’s largest exchanges was a first of its kind for the Indian crypto community, and this unfortunate situation raises serious questions about what exchanges in developing markets are doing to keep their customers’ funds safe.
We feel it’s paramount to talk to our community about Alluma’s approach to security. Over the past 16 months we’ve been developing our exchange platform with a focus on usability, liquidity, and security. Along with customer support, these add up to what we believe are the keys to a great customer experience.
We’ll talk more about usability and liquidity in (many) other posts, but today let’s dive into the Alluma security architecture:
We’ve built our ecosystem with a security-first approach, combining the best bank-grade security policies with the latest security methods. We’ve brought on an industry leading 24/7 cyber security partner and have worked intimately with them to design our overall security protocol and incident reporting procedures.
The result? Alluma’s six-layered security architecture designed to keep our customers’ funds safe:
- Best-in-class protection against distributed denial-of-service (DDoS) attacks to prevent any possible service outages
- Two-factor authentication (2FA) and multi-signature approval are used for every critical action
- Our core exchange engine is hidden in a private network, making it inaccessible to all external parties
- Funds are stored in multi-sig cold storage wallets kept in biometric vaults to protect against hot wallet attacks (more on this below)
- Biometrics used to access the server facilities preventing unauthorized physical access
- Multi-level hardware security including tier 3 sites, self-hosted, wholly-owned servers
We’ve leveraged this architecture to develop our Corporate Governance protocols and ongoing security processes which include:
- Regular, rigorous penetration testing (pentests) of the entire platform
- Compulsory two-factor authentication (2FA) for any account attempting to deposit or withdraw
- Thorough employee background checks, or KYE (Know Your Employee), so that ongoing wallet management always has multi-party oversight
- Adoption of processes that comply with the OWASP developer guide
- Use of a Secure Software Development Lifecycle (SSDLC) as a component of our risk avoidance strategy
Ongoing Security Training
With the help of our security partner, Alluma will be providing ongoing security and incident response training to all staff across every level to ensure security is part of our culture.
Hot & Cold Wallet Management
The Alluma approach to fund management will combine high levels of security with high levels of transfer speed to ensure a smooth user experience. Our goal is to have 96–99% of all customer funds stored in offline multi-sig cold wallets locked in secure vaults. The remainder of total digital assets will be kept in a combination of multi-sig hot and warm wallets to help facilitate faster, low-cost transactions for users to withdraw their funds.
What does this mean for you (our customers)?
Many exchanges claim to take security seriously; we’re investing heavily in the resources to back it up. This means that when you trade on Alluma there are safeguards in place to ensure your funds are kept safe and secure.