Fund security and user data security are Gate.io’s primary considerations.
Gate.io is one of the most secure exchanges in the world, providing more than ten security solutions.
Whether for login, trading, or cash withdrawal, it provides a full range of active or passive protection.
- Self-developed trading system
  - Gate.io uses a self-developed digital asset trading system. Each module iterates independently and passes penetration testing by a professional company and annual security audits.
- Third-party cloud security defense service
  - The front end of the system uses Cloudflare Firewall Enterprise Edition to detect malicious traffic and attacks. It counters malware with an anti-bot CAPTCHA method.
- Encrypted TLS connection
  - All website data is transmitted over an encrypted Transport Layer Security (TLS) connection (i.e., HTTPS).
- Anti-DDoS attack
  - For DDoS countermeasures, Gate.io continuously improves its anti-DDoS mechanism so that it evolves through the four steps of detection, response, defeat, and recording.
- WAF protection system
  - A Web Application Firewall (WAF) is used to deal with illegal intrusions, data tampering, and vulnerabilities. When threats are found, the firewall activates automatically.
- DNS security
  - Gate.io improves DNS server performance and resiliency and implements DNS security to prevent hijacking or spoofing of customer communications.
Internal Control made by Gate.io
All company computers at Gate.io have endpoint protection and are behind a corporate firewall.
Gate.io keeps all software up to date, constantly monitors for threats, and employs a least-privilege and role-based approach to all connections.
Gate.io has added an internal layer of controls with regular reviews of access to detect and eliminate unwanted account access.
Data access is controlled: all staff must go through a strict request process that determines the source or purpose of the access.
Development management by Gate.io
Dedicated on-line deployment personnel are separated from developers.
Online deployment uses version management and a rollback plan.
Before going online, it is necessary to perform a regression test on the version to be deployed.
After the test is passed, it is deployed. After the deployment, security and functional verification are performed.
If verification finds a problem, a rollback operation needs to be performed.
Access to the production servers requires strict operating specifications, multiple layers of access control, and detailed operation log records.
Development uses an internal Git management system and a modular development method. Different functional modules are assigned to different Git repositories.
Different developers are assigned different access rights to the Git repositories.
Read and write permissions and the right to accept pull requests are set according to development requirements.
Code submitted by developers through the Git system is audited.
To merge into the main code branch, the developer needs to submit a pull request, and the supervisor needs to review the code before accepting the request; otherwise the modification is returned.
Asset Security with both Hot and Cold Wallets
The Gate.io hot wallet uses multiple signatures, MPC/threshold signatures, big data risk control, and other technical means to ensure the security of private keys.
All user deposits (recharges) and withdrawals must pass multiple risk management checks before they are broadcast to the blockchain for confirmation.
The Gate.io hot wallet is protected by an HSM from a professional service provider.
The Gate.io cold wallet private key follows the principles of remote backup, bank custody, multiple storage media, multi-signature, and fully offline storage to ensure the absolute security of assets.
Through long-term practice, Gate.io has formed a complete process, a systematic solution, and a complete emergency response mechanism, and has maintained zero accidents so far.
The Gate.io wallet is an institutional-grade, multi-signature, multi-currency wallet. With the keys kept securely offline, a transfer can only be completed after strict m-of-n authorization.
The multi-signature scheme also effectively avoids the loss of assets caused by the loss of a single private key.
When withdrawing cash, at least two security authentications are required, and the cash can be withdrawn only after identity verification has been fully passed.
After changing security settings, such as resetting a password, users will not be able to withdraw cash within 24 hours.
The operation is also confirmed by SMS or email to verify your intention. This is an extra step to prevent hackers from withdrawing funds by modifying security settings.
Vulnerability plan by Gate.io
As one of the trading platforms with the longest history and the largest transaction volume in the world, Gate.io is well aware of the importance of blockchain asset security and always puts user asset security first. It invests a lot of money and uses both centralized and decentralized (Gatechain security solution) means to ensure the security of user assets, and it is the only trading platform in the world that has invested hundreds of millions of dollars to provide “security and legal funds” for user asset security.
To mobilize the world’s top technical community to strengthen the security system of Gate.io, Gate.io has released the Gate.io Bug and Security Suggestion Feedback Mechanism to motivate capable senior security personnel to provide security suggestions and vulnerability analysis for Gate.io.