Independent Reserve security
Protecting your wealth.
Security is at the forefront of everything we do
As leaders in the industry, we are committed to providing the most trusted and secure platform for investors to buy, trade and store cryptocurrencies. Independent Reserve is a responsible cryptocurrency exchange with a risk-averse approach to the way we manage our business.
We maintain complete segregation of our customer assets at all times to ensure that if you need your crypto, we’ve got it. We keep your funds safe. That is our promise.
How we treat client assets
No commingling of customer funds: we keep client assets completely separate from our own.
1:1 reserves
We maintain a full 1:1 reserve of all client fiat and crypto assets.
We hold the vast majority of crypto assets in secure offline cold storage, protected in underground vaults with maximum security.
Audited
Our books are balanced and we carry no debt on our balance sheet. We engage external auditors to undertake an annual audit of our financial statements in accordance with Australian Accounting Standards. This includes verification of all fiat and crypto balances held in custody on behalf of clients.
Segregated funds
We do not commingle customer funds. We maintain complete segregation of all client assets to ensure that when you need to make a withdrawal you can.
We keep your assets safe. That is our promise.
Sole custodian
Independent Reserve is the sole custodian of all crypto assets held on our platform. Custody is managed in Australia and we do not use any third party custodians.
We adhere to industry best practices and never lend or trade your assets.
Trusted by global partners
Platform security features
Account security
- 2-Factor Authentication on login supports google authenticator, with optional SMS backup.
- Ability to change username and email address at any time.
- Username can be freely chosen. We encourage users to not use their email address as username to improve security.
- Email notifications are sent on each login.
- Instant account suspension from email link for unauthorised logins.
- Duress password to suspend an account.
- Additional security information is requested on login attempts from different IP addresses.
- Cryptocurrency and instant withdrawals are blocked for 72 hours after changes to account security details.
- SMS notifications on account security detail changes (like email change or password changes).
- Cryptocurrency address whitelisting - Withdrawals to new addresses require SMS confirmation.
- Browser whitelisting - Email confirmation for logins from new browsers.
- Bot shield – Automatic account protection from brute force attacks.
System security
- All personally identifiable information is encrypted (in transit and at rest) by physically dispersed keys.
- Uploaded documents are visibly watermarked (all verification documents and support message attachments).
- Uploaded documents are encrypted by physically dispersed keys (all verification documents and support message attachments).
- Uploaded documents (all verification documents and support message attachments) are only accessible by admins with special permission for KYC verification purposes and are watermarked to protect the document.
- Full encryption of support chat text messages.
- All sensitive rows in the database are hashed and signed on write and verified on retrieval to ensure data integrity.
- Secure connections are always enforced when accessing the website or API from any device.
- Top tier data centres with geographically dispersed disaster recovery backup servers.
- No off the shelf systems, designed from the ground up to be a secure crypto platform with security as the number one consideration.
- Intrusion detection monitoring for unauthorised system access.
Hot wallet security
- Vast majority of cryptocurrency is stored in cold storage, with constant automated monitoring.
- Hot wallet private keys are multi-layer encrypted using geographically dispersed keys.
- Continuous monitoring and address reconciliation between system accounts and the blockchain.
- System explicitly designed to never expose hot wallet private keys, even to administrators.
Cold storage security
- Vast majority of cryptocurrency is stored in cold storage.
- Cold storage is held in multiple geographically dispersed vaults, each with extensive physical security.
- Cold storage requires multiple employees and approvals for physical access.
- Proprietary offline storage with multiple encryption layers and multiple redundancies.
- Multi-signature withdrawals always requiring more than one person for execution.
- Survivorship procedures to recover cold storage funds in case of a catastrophic event.
Operational
- Regular penetration testing is conducted on the system.
- Bug bounty in place.
- Administrators have tiered access to the system.
- Administrators actions relating to user accounts or value transfer are audited and require multi-level approvals.
- Regular Police checks conducted on all administrators with system access.
Awards & Recognition
External penetration testing
- December 2017
- February 2018
- May 2018
- September 2019
- February 2021
- August 2021
- November 2022
- November 2023
Bug bounty
Please report any security vulnerabilities to security@independentreserve.com.
Get started today
Register, deposit and trade in 5 minutes.