Security is at the core of our asset custody. We use a combination of cold and hot wallets, and industry strength cryptography key management, that’s been combined with rigorous operational security measures.
Below, we’ve answered some of our community's most asked questions about how we keep BitMEX secure, and your assets safe. Together, these systems and operational control measures eliminate a single point of failure and insulate digital assets from cyber-attacks, internal collusion, and human error.
Our positions and margins are checked multiple times a minute. With balances cross-checked against on-chain records, every 10 minutes. Bugs, flaws or intrusions, causing positions not to match, will immediately halt our exchange.
Our Bitcoin custody involves multi-signature wallets, with a set of private keys that control access to the BitMEX public address. A quorum of signers are randomly nominated and required to sign before any transfer occurs. No private keys are kept on any cloud server, and even in the event of a full system compromise, there would not be enough private keys available to an attacker to steal funds that are held and protected by BitMEX.
All other assets - as well as a minimal amount of Bitcoin to enable accelerated withdrawals - are secured via secure multi-party-computation (MPC). Put short, no private key is ever held in one place. The creation, signing and revocation are done in a trustless distributed manner between a threshold of co-signing components.
All transfers are additionally protected by transaction rules that are enforced to assure that any attack is blocked at a policy level. We place a tremendous amount of focus on the segregation of duties. No one actor in the system can successfully sign a withdrawal from the system. Every transaction requires multiple signatures and interaction with an untampered HSM to be valid.
You deploy your funds, not us. Client funds remain safely in our wallets. They are securely segregated at the account level and ring-fenced from company assets thereby providing industry leading protection. They aren’t lent, staked or traded. We’re not a trading house, we’re an exchange, with no exposure to VC money or any other liabilities. For more, you can read our risk disclosure statement here.
We were one of the first to publish a working example in 2021. It’s a transparency that has been only matched by a few.
To discuss sensitive matters, where privacy is important, we invite you to submit a secure ticket. Alternatively, in the security centre of your account, you can insert your PGP public key into the form.
Like to start trading with us? Click through below to either open an account, or connect with our sales team.