Security On Coinrule
Last updated November 5, 2024
Learn More About Security On Coinrule
Our users' security is the most important asset on our platform. In a market that regularly faces hacker attacks and market manipulation, we understand how important security and trust is for our traders.
The most important measure of security on Coinrule is that we do not have any withdrawal permissions to your funds on the exchanges. Through Coinrule, funds can never be moved out of your exchange wallets.
Coinrule stores API keys in encrypted form (256bit AES encryption), encrypted with dedicated private keys that are generated for each user separately. These private keys are stored on detached data storage which is also encrypted with AES-256.
We also use data encryption in transit which means all communication between our web app <-> application backend <-> database/cache nodes is encrypted using TLS 1.2 or higher.
We use Cloudflare CDN as another layer of protection against DDoS and other types of attacks.
Important security measures on Coinrule:
- Coinrule does not store passwords in plain text, meaning we don't know your password and we're not able to reconstruct your password from the hash we store
- None of our developers has access to both the database where API keys are securely stored and the storage where respective encryption keys are stored which prevents any internal leak
- We use Recaptcha V3 for all authentication requests - this prevents hackers calling our authentication API endpoints directly
- We use different layers of rate limiting on our authentication endpoints - this prevents dictionary and brute force attacks
- We have various additional unspecified security measures in place to prevent hackers from taking over your accounts
In absence of exchange withdrawal rights, the main attack vector for hackers is to try to gain account access to our users to manipulate market prices.
IMPORTANT AND STRONGLY RECOMMENDED
For fully maximizing your account security, please ensure that both your your exchange account and Coinrule accounts are protected with Two-Factor Authentication and a strong, unique password.
Beware also phishing attacks, fake sites pretending to be Coinrule and scammers asking you to deposit funds.
Coinrule WILL NEVER ask you to deposit funds anywhere on Coinrule.