ENTERPRISE BITCOIN SECURITY FOR WALL STREET
SECURICOIN BY COINSETTER IS AN ENTERPRISE BITCOIN SECURITY SOLUTION DESIGNED SPECIFICALLY TO MEET THE DEMANDS OF WALL STREET INSTITUTIONS.
INSTITUTIONAL BITCOIN CUSTODY
The Securicoin system acts as a secure custodian for your bitcoins, utilizing customized technology that is detached from the internet and outside threats.
HUMAN WITHDRAWAL REVIEWS
As an added layer of protection, a member of our team reviews every withdrawal from your account to verify that your transactions are legitimate.
ADVANCED MULTIFACTOR AUTH
Our advanced multifactor auth platform LaunchKey for Coinsetter gives you the ability to link your bitcoin accounts to devices and places.
CREATED BY COINSETTER
Coinsetter is a New York City-based low latency bitcoin exchange and ECN built to support active traders and Wall Street institutions. Created in 2012, our company is composed of 13 experienced Wall Street professionals and developers aimed at bringing bitcoin to active traders, hedge funds, institutional Wall Street and other bitcoin companies. Our exchange offers millisecond latency trading with deep liquidity sourced from other global exchanges, as well as the only FIX Protocol API connection to bitcoin currently available. Combined with fast customer service and exciting developments on the legal front, we believe there is no better option for professional traders in the bitcoin market.
SECURICOIN SEPARATES OUTSIDE THREATS FROM YOUR BITCOIN
Bitcoins held in the Securicoin system are held in highly-protected offline wallets that never directly touch the internet. Even more, when you use Securicoin to make withdrawals, a human is always involved to verify the validity of each transaction made from your account. Bitcoin users that value security over all else will take comfort in Securicoin’s complete separation of your bitcoins from outside threats.
If you value bitcoin security over speed, Securicoin is designed for you.
FREQUENTLY ASKED QUESTIONS
1. How do BTC funds go from the customer to Coinsetter?
All fund transfers to Coinsetter are sent to pre-generated BTC addresses.
Each BTC address is generated in an offline Armory wallet on a clean-boot Linux computer that is never connected to a network (i.e. it does not touch the internet).
Each BTC address is associated with solely one customer account.
All addresses are held in cold storage, on redundant thumb drives employing volume encryption in addition to wallet encryption.
Coinsetter monitors the blockchain and processes the deposit to the specified address.
Deposits take a minimum of one hour to be credited and may take up to three hours to ensure the transaction is valid.
2. Once BTC funds have been deposited with Coinsetter, how are they safely secured?
Our precise “process” for making transfers is confidential, but it involves cold storage and manual transactions signed on non-networked computers that are booted freshly with every use from read-only OS images.
Coinsetter does not employ Windows OS on any of its servers or bitcoin-related computers. All company servers and computers run either Linux or Mac OS.
Our precise locations for cold storage are confidential, except to say the type of location used is a vault.
All wallets, both hot and cold, are encrypted at all times.
All wallet passphrases are unique, random and long.
All passphrases are stored in encrypted password management software on encrypted volumes.
No wallet passwords are stored in any company software, code, flat files or databases. Passphrases are keyed into Coinsetter systems manually, through a special administrative interface on a private network.
Coinsetter maintains hard copies of all company accounts (including accounts on third-party exchanges) and ensures that whenever internal transfers occur among company accounts that they are only among designated and approved accounts.
3. Are BTC funds transferred when an order is filled on Coinsetter’s internal exchange?
No BTC or other funds are actually transferred for orders placed on Coinsetter’s internal exchange.
Instead, customer accounts are simply debited and credited internally against customer orders.
4. How is liquidity provided by third-party exchanges?
When customers submit an order to Coinsetter, their order may be filled externally on another exchange (e.g. Bitstamp) in a manner that gets the best possible price at the current market.
Coinsetter’s system routes the order to the corresponding exchange for fulfillment.
Coinsetter manages capital internally and on private Coinsetter accounts held by other exchanges in order to provide instant transaction fulfillment.
When an order is routed to a third-party exchange, Coinsetter’s account on that exchange is used to make the transaction.
All third-party exchange accounts with Coinsetter funds utilize two-factor authentication.
All third-party exchange account passphrases are unique, random and long.
All third-party exchange accounts are only accessible by Coinsetter’s management unless temporarily authorized to a senior employee under the supervision of management.
Coinsetter does not guarantee the ability to trade an external exchange’s entire order book. Instead, Coinsetter transfers funds to and from its own accounts with the third party exchange based on such factors as exchange liquidity, best pricing, customer supply/demand, and other factors.
All communications, including orders and funds transfers between Coinsetter and any third-party exchange, are over secure and encrypted channels.
5. How does a customer withdraw BTC funds from Coinsetter?
Customers submit a personal BTC withdrawal address, which serves as a secure BTC address to which Coinsetter will send customer funds.
Customers may request a BTC withdrawal via Coinsetter’s website.
The customer must log in, and then go to the Transfers page -> Withdraw tab.
On the Withdraw page, the customer can specify the amount of BTC to withdraw, which can be any amount up to the total funds available in their account.
The BTC address used to receive funds must be a pre-verified BTC address. This is necessary to ensure that the address is valid, that it is the correct address, and that the address in fact belongs to the customer.
When ready, the customer opts to initiate the transfer.
A popup window displays, challenging the customer to enter their secret PIN number or Two Factor Authentication code. The customer enters the secret number and hits submit.
A withdraw request is then entered in Coinsetter’s system and placed in a queue to be internally reviewed and approved.
Approvals are processed manually and generally take less than 24 hours.
Once approved, the withdrawal request is initiated by sending a transaction to the bitcoin peer-to-peer network.
According to bitcoin network design, transactions typically take a minimum of ten minutes to propagate through the network before they are confirmed into the blockchain.
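The withdrawal gate described in the steps above, sketched as an added example (not Coinsetter's code): a request is queued only if the address is pre-verified, the amount is within the available balance and the second factor checks out, and it stays in review until a staff member approves it. The record types, reviewer IDs, the use of RFC 6238 TOTP as the 2FA code and the balance reservation are assumptions.

```python
import hashlib, hmac, struct
from dataclasses import dataclass
from decimal import Decimal

REVIEWERS = {"ops-1", "ops-2"}   # constructed staff IDs (assumption)

def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1); assumed form of the page's 2FA code."""
    mac = hmac.new(secret, struct.pack(">Q", now // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

@dataclass
class Account:                   # hypothetical record, not Coinsetter's schema
    balance: Decimal
    verified_addresses: frozenset
    totp_secret: bytes

@dataclass
class Withdrawal:
    address: str
    amount: Decimal
    state: str = "PENDING_REVIEW"

def request_withdrawal(acct, address, amount, code, now):
    """Customer-side checks; returns a queued request or raises ValueError."""
    if address not in acct.verified_addresses:
        raise ValueError("address is not pre-verified")
    if not (Decimal(0) < amount <= acct.balance):
        raise ValueError("amount exceeds available funds")
    # Accept the current and previous 30 s step; compare in constant time.
    ok = any(hmac.compare_digest(totp(acct.totp_secret, max(now - d, 0)).encode(),
                                 code.encode()) for d in (0, 30))
    if not ok:
        raise ValueError("second factor rejected")
    acct.balance -= amount       # assumption: reserve funds while queued
    return Withdrawal(address, amount)

def review(w, acct, reviewer, approve):
    """Manual review gate: only APPROVED requests may proceed to signing."""
    if reviewer not in REVIEWERS:
        raise ValueError("not an authorised reviewer")
    if w.state != "PENDING_REVIEW":
        raise ValueError("request already reviewed")
    if not approve:
        acct.balance += w.amount  # release the reservation
    w.state = "APPROVED" if approve else "REJECTED"
    return w.state
```

Nothing in this sketch signs or broadcasts a transaction; on the page that happens only after approval, on the offline signing machines.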
6. What security procedures and processes does Coinsetter utilize to protect against various threats?
Coinsetter’s communication policy is to be transparent and to immediately alert its customers and the general public to any security breach, should one occur. Coinsetter addresses security in a number of ways. We employ a complete Software Development Lifecycle (SDL) approach to security. A complete SDL (as defined by Microsoft) addresses the following issues:
Training: core security training by all staff, from top to bottom, including consultants
Requirements: Establish Security Requirements, Create Quality Gates / Bug Bars, Security & Privacy Risk Assessment
Design: Establish Design Requirements, Analyze Attack Surface, Threat Modeling
Implementation: Use Approved Tools, Deprecate Unsafe Functions, Static (code) Analysis
Verification: Dynamic Analysis, Fuzz Testing, Attack Surface Review
Release: Incident Response Plan, Final Security Review, Release Archive
Response: Execute Incident Response Plan
Our SDL addresses the following domains:
Company Financial Accounts, Bitcoin addresses and wallets
Company Staff (employees and contractors)
Vendors and Partners
Company Offices and Physical Property
Company Documents and Files
Company DNS Registries
Company Hosting Providers
Company Servers, Firewalls and Hardware
Storage Media (CDs, DVDs, Thumb Drives)
Operating System Software, patches and upgrades
Third-Party software, patches and upgrades
Third-Party Anti-Virus Software and Regular Updates
Company Software, patches and upgrades
Company Email and Email Servers
Monitoring, Internal Auditing, Alerts
Coinsetter’s SDL also addresses the following threats:
DDOS Mitigation and Other Types of External Flood Attacks
Security Risks catalogued by OWASP
Social Engineering threats
Inside Jobs, Attempted Theft or Breaches By Internal Staff
7. How secure is Bitcoin currency?
At no time in the history of Bitcoin has a “hack” or security compromise occurred against Bitcoin itself. All thefts or successful attacks have instead focused on individuals or companies that failed to adequately secure their Bitcoin wallets, servers, user accounts, or software interfaces.
Bitcoin is encrypted using precisely the same mathematical algorithms and encryption standard used to:
Encrypt ALL online e-commerce transactions
Secure ALL communications between a web browser and a web server (HTTPS connections), regardless of the type of browser (Safari, Firefox, Chrome, Internet Explorer, and others) or the type of web server (Apache Web server, Nginx, and others)
Encrypt ALL email communications (PGP and S/MIME)
Create and verify ALL digital security certificates issued by certificate authorities
The specific digital encryption algorithms used currently exist in two forms, each of which uses the same fundamental algorithms:
RSA – the name of the 1977 encryption algorithm created by Ron Rivest, Adi Shamir and Len Adleman; the proprietary encryption technology developed from the algorithm, and the company itself, later responsible for founding VeriSign.
PGP – ‘pretty good privacy,’ an open source standard based on RSA.
In addition, Bitcoin employs other built-in security mechanisms and guards. For more detailed information, see: