As history has shown, exchanges like BL3P are, unfortunately, a favorite target of hackers. BL3P has strict security measures to prevent theft of sensitive information or funds. Below is a selection of our security measures:
- Two-factor authentication is enabled for the withdrawal of funds and for accessing your account.
- By default we block login attempts from unknown locations.
- The majority of the bitcoins are kept offline in a 'cold wallet'.
- The cold wallet contains only multi-signature addresses. A transaction from a cold wallet has to be signed by multiple persons to be valid. A very limited number of employees of Bitonic can sign such a transaction.
- Signing a cold wallet transaction can only be done by air-gapped devices. These devices can't make any connection to the internet.
- Our funds are managed by “Stichting Bitonic Payments” and are spread as much as possible over several bank accounts or bitcoin addresses.
- Passwords are salted and hashed multiple times before we store them in our database. Recovering passwords from these hashes is a time-consuming and relatively expensive process in the unlikely situation an attacker gains access to our database.
- Our modular software design enables us to update or change specific parts of our software. This setup lets us adopt required changes quickly.
- Our security policy has several layers. Staff and systems will only have access to the systems they actually need by reason of their function.
- Bitcoin technology is based on proven cryptographic laws and principles. Cryptography itself is strongly dependent on random numbers. It is difficult to generate truly random numbers by just running a software program. To overcome this, we use an external hardware random number generator that has been successfully tested with 'Dieharder' version 3.31.1 by Robert Brown.
- Our employees are trained to be continually aware of the dangers of social engineering.
- Internal emails are encrypted and sent by default with PGP. We use the same principle for external mail if the public key of the receiver is known. In case the public key of the recipient is NOT known, the mail will only be digitally signed. Our public PGP keys can be found here.
- The physical servers are hosted in a Dutch data center with Dutch shareholders and in a locked private rack. The logical volumes on the server are fully encrypted.
- We prefer working with open source software as much as possible. Our experience is that the impact of security flaws is smaller because these are usually found and resolved quickly by the community.
- Whenever possible, we develop our products in-house and avoid cloud solutions. This makes us very flexible and independent of (security by) third parties. We use our own automated test suite so we can thoroughly test the quality and effect of our changes.
- Our security design assumes that one day we will get hacked. After all, we do not assume to be smarter than the rest of the world. The systems are arranged in a way that a hack is detected as soon as possible and the damage will be limited. In addition, we encourage hackers to report any bugs through our bug bounty program.