BaseFEX is committed to the security of our platform and users. We believe in rigorous and conservative security measures, and will not compromise security for convenience.
Reporting Security Issues
Please report security issues through our bug bounty program on HackerOne: https://hackerone.com/basefex
All assets on BaseFEX are stored in multi-signatured cold wallets only. All BaseFEX addresses are multisignatured and all storage is kept offline.
Even in the event of a full system compromise, including web servers, trading engine, and database, there would not be enough keys available to an attacker to steal funds.
Additionally, each and every withdrawal on BaseFEX is audited by hand by at least two BaseFEX employees before sending. No private keys are kept on any cloud server and deep cold storage is used for the bulk of funds.
All deposit addresses sent by the BaseFEX system are verified by an external service to ensure that they contain the keys controlled by the founders. If the public keys do not match, the system is shut down immediately and trading is halted.
BaseFEX systems take advantage of Amazon Web Services’ world-class security.
All BaseFEX systems require multiple forms of authentication to access, including hardware tokens. Individual systems are unable to communicate with each other except across approved and monitored channels.
Trading Engine Security
The BaseFEX Trading Engine is the first of its kind. Written in kdb+, a database and toolset used frequently by major banks in high-frequency trading applications, the BaseFEX engine has unprecedented speed and reliability.
Rather than using our speed just to execute more transactions per second, BaseFEX does a full risk check after each and every order placement, trade, settlement, deposit, and withdrawal. At all times, all accounts in the system must sum to zero. If they do not, trading is immediately halted for all users.