Introduction
Maintaining robust security and transparency is paramount in the digital asset industry. This report summarizes key security initiatives and user protection metrics for October, highlighting our ongoing commitment to safeguarding user assets and providing a secure trading environment. The following sections detail proof of reserves, trading risk controls, and various protective measures implemented during this period.
Proof of Reserves: Ensuring Asset Security
A critical component of user trust is the verifiable proof that user assets are fully backed. Our Proof of Reserves (POR) system employs advanced cryptographic methods to provide transparent and auditable evidence of our holdings.
Latest Reserve Data Snapshot
As of the latest audit, our reserve data for major assets is as follows:
User Assets on Platform:
- BTC: 137,365
- ETH: 1,556,932
- USDT: 5,764,823,628
- USDC: 1,041,307,627
Total Published Wallet Assets:
- BTC: 143,527
- ETH: 1,592,761
- USDT: 6,134,303,815
- USDC: 1,041,417,738
Reserve Ratios and Technological Innovation
The reserve ratio, which compares published wallet assets to user liabilities, consistently exceeds 100% for all major assets, demonstrating full backing. Our POR now utilizes zk-STARK proof technology, a cutting-edge cryptographic method that enhances privacy and scalability while maintaining verifiable accuracy. This system now supports proof for 22 different digital assets, providing broad coverage for our users. 👉 View the latest reserve data and verification tools
Trading and Operational Security Measures
Protecting users from malicious activity and operational risks is a continuous focus. Our multi-layered security approach encompasses real-time monitoring, API management, and educational initiatives.
Anti-Phishing and Risk Control
Our automated risk control systems actively work to prevent financial loss from unauthorized activities. In October, these measures successfully protected 224 users by intercepting 257 attempted withdrawal transactions, preventing an estimated loss of 151,800 USDT. Furthermore, our insurance fund, which helps protect users from abnormal liquidation events, maintained a strong balance of $1.97 billion.
API Key Management and Security
Secure API integration is vital for many traders. To promote best practices, our systems automatically identify and manage inactive keys. During the reporting period, 9,554 API Keys that had been inactive for 14 days and lacked IP address binding were proactively deleted to minimize potential vulnerabilities. Concurrently, user adoption of secure creation methods remained high, with 8,384 new keys created via Fast API and 696 keys configured for third-party application integrations.
New User Protection Program
Trading, particularly with leveraged products, requires careful consideration. Our "Cooling-Off Period" feature for new futures traders is designed to prevent impulsive decisions. In October, this protective measure was activated by 13,260 users, helping them avoid potential losses by introducing a mandatory pause before executing certain contract trades.
Recovery of Misdeposited Assets
User errors in depositing assets to incorrect addresses can be distressing. Our dedicated team assists in recovering these funds whenever possible. Throughout the month, we manually processed 587 cases of misdeposited assets, successfully recovering a total of 532,300 USDT for our users.
Frequently Asked Questions
What is a Proof of Reserves (POR) and why is it important?
A Proof of Reserves is an independent audit that verifies a custodial platform holds sufficient assets to cover all user balances. It's crucial for transparency and trust, as it provides cryptographic evidence that user funds are fully backed and available for withdrawal.
How does the cooling-off period for new traders work?
The cooling-off period is a protective feature that temporarily restricts new users from immediately executing certain leveraged trades. It mandates a waiting period, allowing users time to reconsider their strategy and avoid making impulsive, emotionally-driven decisions that could lead to significant losses.
What should I do if I deposit assets to the wrong address?
If you send assets to an incorrect address, you should immediately contact customer support through official channels. Provide them with all relevant transaction details (TXID, amount, asset type). While recovery is not always possible, the support team will investigate and attempt to retrieve the funds if they are within our ecosystem.
How can I keep my API keys secure?
Always use strong, unique passwords for your exchange account. When creating API keys, restrict their permissions to only what is necessary (e.g., read-only, no withdrawal rights), bind them to specific IP addresses, and delete any keys that are no longer in use. Avoid sharing your secret key with anyone.
What is an insurance fund used for?
An insurance fund, often called a risk reserve fund, is used to cover platform losses that occur during extreme market volatility. Specifically, it can be used to prevent auto-deleveraging (ADL) or to cover losses when a user's liquidation fails to cover the full debt of their leveraged position.
How does the platform protect against phishing attempts?
We employ advanced automated systems that monitor for suspicious login and withdrawal activity patterns indicative of phishing. This includes detecting attempts from unusual locations or devices. However, users must also enable security features like two-factor authentication (2FA) and be vigilant against suspicious emails and websites.
Conclusion
This report underscores a continuous commitment to asset security, proactive risk management, and user education. By maintaining transparent proof of reserves, implementing robust trading controls, and offering protective features, we aim to foster a secure and trustworthy environment for all users. Security is an ongoing process, and we remain dedicated to enhancing our measures to protect user assets and data.