Security of Clients’ Funds at CEX.IO

, August 13, 2019

Update: this blog post was updated on 7 November, 2022 for better clarity.

Cryptocurrency has captivated the attention of a broad range of people. From tech enthusiasts in the remote islands of Polynesia to traditional finance professionals sitting in the tall buildings of Manhattan, people of all backgrounds participate in the digital asset economy. Though they may pursue very different goals, one thing they all care about is the safety of their funds. 

The rapid growth of the digital asset space has led to an emergence of multiple exchanges and wallets for people to choose from. Regulatory loopholes in various jurisdictions allowed many of these platforms to under-prioritize their security in exchange for a stronger marketing push. As a result, just in 2019 alone, we find abundant examples of fraud and security breaches in the market. These have led to millions of dollars lost by industry participants. Funds were lost not due to market fluctuations, but because of the wrong choice of an exchange or trading venue.

CEX.IO is a cryptocurrency exchange that maintains custody of our clients’ funds, both digital assets and fiat. Safeguarding these funds is paramount to us. In this post, we will explain what systems and processes we have in place to ensure that your funds are safe with CEX.IO.

Security of Digital Asset Storage

Digital assets at CEX.IO are spread between the hot and the cold wallets maintained by the exchange. Hot wallets are connected to the Internet and cold wallets are offline. For each digital currency – Bitcoin, Ethereum, Ripple and others – there are both hot and cold wallets with separate private keys.

The proportion in which we divide the total funds between the hot and the cold wallets is determined by the amount of cryptocurrency that can sustain day-to-day trading activity, given factors like trading volumes and expected deposits and withdrawals. Statistically, only a small portion of the total digital assets is in active circulation. Hence, the hot wallet holds a very small portion of the total crypto funds. Notably, it is the company’s funds that remain in hot wallets to support the daily cryptocurrency circulation.

By design, our hot wallet is an account of company funds – after a transaction has been processed, that amount is debited or credited to the individual customer account. Therefore, all exposure to the risk of maintaining a hot wallet is solely limited to CEX.IO. This is in line with emerging higher standards of security and fund safety across the digital asset exchange space. For major cryptocurrencies like Bitcoin and Ethereum, 100% of clients’ funds are stored in cold wallets. For most recently listed altcoins, the ratio of funds stored in the cold wallet is close to 100%.

Client’s funds deposited during the day are moved to the cold wallet in a daily reconciliation procedure so that mostly funds that belong to CEX.IO remain in the inherently riskier hot wallet. What this means is that if there is a hack on the hot wallet, it will affect CEX.IO funds, not user funds. At the same time, the clients’ funds remain in safe offline cold wallets, untouched, except for infrequent cases when the hot wallet requires a rebalancing.   

Hot wallet security

Since the hot wallet is connected to the internet, it is inherently riskier than the cold wallet. Because hot wallets facilitate transaction activity on the CEX.IO exchange, they are completely automated and, as we established before, only store a small portion of the total funds. 

General security principles apply to hot wallets. Here are some of the specifics:

  • Finance and Compliance controls: Per the “Multiple Controls” principle, each transaction involving a hot wallet undergoes separate checks from the Compliance and the Finance departments and requires signatures from both to go through. 
  • Security of Data Storage and Handling: We apply the top standard adopted by credit and debit card providers, PCI DSS Level 1, to our hot wallets and regularly audit the compliance elements associated with this process.

Cold wallet security 

Any automation is excluded, and manual processes lie at the core of cold wallets. 

General security principles apply to cold wallets. The manual processes and the offline nature of these wallets translate these principles into the following specifics: 

  • Multiple Signatures: The “Multiple Controls” principle in cold wallets is implemented via a multi-signature requirement. An authorized person can initiate a transaction, but confirmations from multiple authorized persons are required for the transaction to execute. 
  • Whitelisted Addresses: Funds from the cold wallets can only be transferred to the whitelisted addresses of the CEX.IO hot wallets and only after the reconciliation of all balances. The CEX.IO system has control systems for sending only to proper destination addresses when transactions are created and signed, even by all fully authorized parties. 

Every transfer of funds at CEX.IO is subject to a very nuanced system of checks and controls. When designing our security processes, we’ve implemented the strictest principles of fund custodianship, advocated by government organizations and widely used in banks worldwide. 

Security of Trading Environment

The security of digital asset storage is the foundation for safeguarding clients’ funds. But it is not only security breaches and potential hacks that we keep in mind. What happens during trading activity also matters. 

Any platform, when not careful about checking its clients, the source of their funds, and their trading activity, risks being used for money laundering. The implications of this can be very far-reaching: from the freezing of such a platform’s bank accounts and a full investigation to a regulator’s order to suspend company operations. Normal law-abiding users get pulled into this quagmire by not having access to their accounts through no fault of their own. 

We cannot allow any such scenarios to happen at CEX.IO. That is why verification related to KYC/AML is mandatory for every user we serve. Additionally, we have built a proprietary set of rules, called the “Expert System”, which continuously monitors all digital asset transactions for irregular activities. 

Whenever odd behaviors are identified on the CEX.IO exchange, alerts go out to Compliance and Finance teams to review suspect activity. The Expert System evolves with the needs of our platform and ensures that you trade in a safe environment.

With the goal of increased speed and automation, integration of the Expert System into both identity verification and crypto trading provides an extra layer of security for our customers. 

Security of Fiat Funds

It’s historically been both a point of pride and our key feature that CEX.IO supports fiat-to-crypto transactions. Hence, the implementation of security processes covering the fiat-based portion of our business is an absolute must for us.

We’ve placed a huge effort into building relationships with reputable banks around the world. Each bank we add to our ecosystem performs strong due diligence on our processes. Similarly, we carefully review each bank before sending our clients’ funds there

Our clients’ fiat funds are stored in the custodial accounts of banks we partner with. The customers’ fiat is always held in accounts separate from the company’s accounts. That means only customers and no one else – not the company, nor its creditors, or any other counterparties – have a claim on these funds.  

Similar to the principles of the hot and the cold wallet, our clients’ fiat in custodial bank accounts is split into two parts. One smaller part serves our users’ day-to-day needs when they buy/sell cryptocurrencies or withdraw fiat from our platform. Another, much larger part, sits in a separate savings account, which is only rarely used to top up the account covering daily needs in case fiat deposit or withdrawal activity spikes.

Only authorized persons, whose actions are diligently recorded, can initiate transactions with clients’ fiat held in the bank accounts. The principle of Multiple Controls also works here when one party initiates a transaction and another – checks and executes it. 

“And what about collusion?” you may ask. Our employees undergo a detailed internal investigative process, much stricter than our customers do. Our top management is required to maintain a thick file of background checks with multiple governmental organizations – more on that later!

Since we get the information about our users’ credit and debit cards, we’ve implemented and regularly independently audit our compliance with PCI DSS Level 1, already described above. If for hot wallets, the standards were adopted for digital assets, with fiat-based cards the standards of data handling and storage apply directly. 

This covers the basics of our fiat handling. The security of fiat function at CEX.IO is crucial and facilitated with our banking partners to implement the highest standards of regulatory banking compliance. 

Reporting and accountability

Every financial transaction – both fiat and crypto – that takes place at CEX.IO gets recorded and finds its way into financial reporting. Detailed financial records are an important part of our business. Opening of bank accounts, applying for licenses, and maintenance of licenses and registrations require preparation and submission of independently audited financial statements to relevant parties. These parties evaluate our statements in various contexts including whether CEX.IO handles users’ funds correctly and properly maintains records.

As a UK company, we annually submit audited financial statements to HMRC. And now, as a US corporation, we will also be filing reports with the IRS. An independent audit of financials is performed to confirm the absence of material misstatements and their preparation according to the required accounting standards.    

An extensive review of our financials is only one of the regulatory requirements that come with obtaining a regulated status. Detailed personal background checks of key CEX.IO individuals are performed by regulatory bodies of various jurisdictions as part of a license of a registration process. For example, our applications for the Money Transmitter Licenses in the US began with fingerprinting and full background checks of the US office directors. Regulators in various jurisdictions make these procedures necessary to ensure the accountability of individuals running companies that handle other peoples’ funds.

Both extensive reporting and accountability that come with the regulated status of CEX.IO ensure that theft/disappearance/funds mishandling or any other malicious behavior is easily detectable, hence pointless to attempt. It serves as another assurance to our users that their funds are safe within CEX.IO.  

Update: as of November 2022, CEX.IO can provide services in all the US with the exception of New York.

Capital Requirements, Insurance, and Reserve Fund

Maintaining a robust system that prevents incidents is key for keeping users’ funds safe. At the same time, every serious business has to evaluate all factors and develop an action plan in case a (however unlikely) adverse event occurs.

For CEX.IO, the establishment of a comprehensive risk management framework is both a part of its business strategy as well as a regulatory requirement. This framework considers all material risks, including operational, security and IT risks (service shortages, insider job, and hack attacks are only a few of them) with an idea to place a sufficient amount of reserve capital aside to cover possible losses and ensure that the business can be run in a safe and sound manner. 

Regulatory requirements 

As part of our license applications in Europe, we have to continuously demonstrate the maintenance of sufficient capital on our accounts. The purpose of this capital is to cover potential losses, given the estimates of risks. We may lose our licenses if the capital requirements are not met at any point in time. 

In the US, the rules are a bit different, as each state has its own treatment of money transmitting businesses. Together with a minimum net worth requirement (similar to the capital requirements in Europe), for each state where CEX.IO holds an MTL license, CEX.IO has to purchase insurance, a so-called surety bond.

The surety bonds cover the losses for each individual state, with an amount of coverage in many states in excess of $1,000,000. If a loss were to occur, a surety bond will be paid directly to customers to compensate them for any loss. And, unlike with insurance, where claims need to process first, once the payout criteria are met for the surety bond, the money is paid out to customers of that state straight from the state.

Self-Regulated Reserve Fund

Aside from complying with regulatory requirements, CEX.IO incorporates a strong risk management framework into its daily business operations. As part of the risk management program, we set aside a portion of our revenues, derived from the trading fees, to maintain an emergency reserve. The funds in that emergency reserve would be used to cover customers’ losses if an adverse event were to take place.

You do Your Part

The processes above outline the general mechanisms we have in place to safeguard the safety of our clients’ funds. Some of them exist to prevent attacks, others – to render theft worthless, yet others – to compensate losses if a security breach occurs. 

This was not meant to be an exhaustive description of everything we do in terms of safety. For one, a level of confidentiality is required to ensure some processes are effective. Secondly, security weaves into our daily activities and every process implements a form of security measures, from handling support tickets to monitoring trading activity. 

One thing the article would not have been complete without is a reminder that you, our user, is a key participant in protecting your own funds. While the exchange works diligently to maintain the processes and infrastructure that ensure the safety of customers’ funds, you are solely responsible for safeguarding access to your own finances, not only at CEX.IO but everywhere. 

Our work doesn’t stop with the implementation of security-related measures. We actually live and breathe security, and we continue to strengthen it every day. Likewise, your responsibility in securing your own funds also does not stop with setting up a strong password. It extends to how you access your money, what devices you use, what network you connect to, and much more. We strongly recommend enabling 2FA with your CEX.IO account and keeping your passwords secure. When we do our part and you also do yours, you can enjoy peace of mind knowing that your funds are safe with CEX.IO.

For security tips and updates about CEX.IO, join our Telegram channel: https://t.me/CEX_IO.



CEX.IO Monthly Digest (March) — Educational Edition

As a user-centric platform focused on sharing free knowledge as the road to empowerment, we’re exceptionally proud to share third-party recognition of our efforts. The month of March was another rewarding stretch.  Brimming with timely thought leadership publication, high profile award wins, prestigious media coverage, and positive reviews, last

Apr 06, 2023 | 11 min read

Recently Restricted for Card Payments Countries

Recently, more countries were restricted for card payments. The users from those countries will not be able to deposit or withdraw fiat using their cards. To work with fiat, we highly encourage them to use any other payment option available in their country. The reason behind this restriction is that

Apr 23, 2018 | 3 min read

Learn & Earn Free TON: Validation

Wonder how we are going to validate the submissions? Here is a general validation process with possible nuances and scenarios.

Apr 07, 2021 | 11 min read