Terminal Investments Security Roadmap close

Our commitment
to security

Security of clients’ funds will always be our first priority
Our thorough threat model assesses all internal and external risks, as well as attack vectors. The threat landscape is constantly updated with new information gathered by both our internal security specialists, and external experts. In a nutshell, we consider several directions in security
01
Digital Wallets
02
Product & Infrastructure
03
Users
Digital Wallets
Most of the funds are stored in cold wallets. Keys are stored in geographically distributed secured locations and have never been exposed to devices connected to the web
All cold wallets are multi-sig, meaning no single person in the organization can access funds at any given time
Hot wallets carry a minimal possible amount of funds. Keys are spread between containers in the Google Cloud, detached from certain server or physical location
Product & Infrastructure
Internal protocols use cryptographical multi-factor verification for sensitive operations such as deposits and withdrawals. In no way is it ever possible to initiate withdrawals manually, even if intruders breach into our internal networks
All assets and transactions are subject to real-time audit by a dedicated system. We regularly track user account records to ensure internal systems exactly match assets stored on wallets
Internal networks are segregated from the web both physically, and by firewalls. All external communications are routed via demilitarized zones
All external endpoints are protected from DDoS by Cloudflare
White-hat hackers are utilized to run penetration tests of each software release, ensuring no vulnerabilities are found
Users
Users are protected with two-factor authentication (2FA) and services which detect unusual activity
Users’ passwords and API keys are stored hashed with modern asymmetrical algorithm (Argon2), which makes decryption impossible
Automatic fraud monitoring is done via a platform which decreases any risk of user account takeover
Market manipulation is stopped in its tracks through monitoring and analyzing trades to eliminate wash trading (matching of buy and sell orders sent by the same person) and other malicious activity
We are extending transparency to level that of international financial institutions.