What if there is an intrusion?

Our positions and margins are checked multiple times a minute. With balances cross-checked against on-chain records, every 10 minutes. Bugs, flaws or intrusions, causing positions not to match, will immediately halt our exchange.

How do you provide custody for Bitcoin?

Our Bitcoin custody involves multi-signature wallets, with a set of private keys that control access to the BitMEX public address. A quorum of signers are randomly nominated and required to sign before any transfer occurs. No private keys are kept on any cloud server, and even in the event of a full system compromise, there would not be enough private keys available to an attacker to steal funds that are held and protected by BitMEX.

What about custody for other assets?

All other assets - as well as a minimal amount of Bitcoin to enable accelerated withdrawals - are secured via secure multi-party-computation (MPC). Put short, no private key is ever held in one place. The creation, signing and revocation are done in a trustless distributed manner between a threshold of co-signing components.

How do you safeguard your transactions?

All transfers are additionally protected by transaction rules that are enforced to assure that any attack is blocked at a policy level. We place a tremendous amount of focus on the segregation of duties. No one actor in the system can successfully sign a withdrawal from the system. Every transaction requires multiple signatures and interaction with an untampered HSM to be valid.

What about the segregation of funds?

You deploy your funds, not us. Client funds remain safely in our wallets. They are securely segregated at the account level and ring-fenced from company assets thereby providing industry leading protection. They aren’t lent, staked or traded. We’re not a trading house, we’re an exchange, with no exposure to VC money or any other liabilities. For more, you can read our risk disclosure statement here.