Our cold storage maintains more than 98% of user funds in an offline, multisignature wallet, requiring 4 of 7 hardware security modules (HSMs) in possession by globally-distributed management team members to approve all transactions. If an administrator is compromised and forced to log into the platform, a single HSM would not be sufficient to initiate transfer of funds. The challenge to acquire enough of these devices to access cold storage is tantamount to impossible.
Our hot wallet maintains only the funds necessary to fulfill withdrawals in the queue, approximately 0.5%. To refill the hot wallet, 4 of 7 HSMs are required to initiate a transfer from the cold wallet to the hot wallet.
BitForex migrated to a new data server and our expanded security team performed a comprehensive audit of our entire stack, including a deep analysis of all source code and dependencies.
Intelligent load balancing and failover routing among servers help to increase performance. Real-time malicious traffic detection blocks malicious server requests. Automatic inline mitigation measures decrease latency and increase uptime. Through encrypted connections with HTTPS TLS 1.3, pricy and performance are improved.