What does CoinLoan do to secure your funds?
Here is how our platform works security-wise.
Secure cloud infrastructure
We use the best cloud service provider available on the market. It is certified by the world’s strict security standards and is trusted by major banks and financial institutions.
Modern encryption standards (SSL with TLS 1.3, DNSSEC, and HSTS)
Traffic between the client browser and our servers is protected by TLS 1.3, the most advanced encryption protocol, approved for use in banking and credit card processing companies’ ecosystems. DNSSEC protects the domain against forged DNS responses. HSTS makes browsers send every request over an encrypted connection.
Web Application Firewall (WAF) and DDoS protection
The top player in the web application security market analyzes server requests. Hacking attempts, bots, and DDoS attacks are filtered out meticulously to prevent a service breakdown. None of our servers have direct access to the internet.
Regular vulnerability scans
The CoinLoan infrastructure is scanned daily with the number-one vulnerability scanner to discover weaknesses in any subsystem. We regularly update the list of tests our scanner runs.
Secure Software Development Life Cycle (SSDLC)
Under this methodology, all code changes and new features are inspected by developers, tested by QA specialists, and analyzed by security experts.
We have a partnership program for white hat hackers and welcome ethical specialists to collaborate with us to analyze vulnerabilities and enhance the security of the entire infrastructure. We react immediately to any findings. If bugs or vulnerabilities are discovered, we issue an update as soon as possible. So far, we have never faced issues that could have shaken our reputation.
SOC 2 & ISO 27001 certification
We are currently awaiting the Service Organization Control (SOC) 2 audit, which will affirm that CoinLoan’s information security practices, policies, procedures, and operations meet the SOC 2 standards for security, availability, confidentiality, and privacy. In addition to SOC 2, we will further strengthen our position by becoming certified to ISO 27001. Certification to the ISO 27001 standard is recognized worldwide. It will indicate that our information security management system is aligned with information security best practices.
Account takeover protection
Our system blocks any attempts to steal passwords and two-factor authentication (2FA) codes. We always notify our users by email about a login in progress, providing details such as browser type and geolocation.
Our email system can detect attempted intrusions quickly. Each session is linked to a browser and IP address, protecting an account from cookie theft and session hijacking.
The CoinLoan infrastructure is monitored 24/7 to rapidly spot abnormal activity and system errors.
We use time-based one-time passwords (TOTP) for 2FA to confirm crucial account actions: each login attempt, funds withdrawal, and password reset. You can read more on how 2FA works on CoinLoan here.
If you want to know more about how we store cryptoassets, please read this article.
Our partnerships with trusted companies
In addition to our internal policies, we also partner with trusted security providers like Elliptic, a leading crypto compliance solutions provider. From a user perspective, Elliptic monitors the crypto addresses of outbound transactions for AML purposes to prevent transfers to scam addresses. Learn more about our partnership with Elliptic here.
We also partner with Blaze, an international cybersecurity firm. Although CoinLoan’s security standard is exceptionally rare, we always strive for the greater transparency that third-party audits provide. Blaze will help us monitor our exposure to threats and manage and mitigate risks. Check our detailed article on the partnership with Blaze for more information.