Our Security Measures
Our team is continuously improving the platform's security measures and policies, as well as for the team itself. We work extra hard to make sure every money received is kept safe with our top-notch infrastructure.
The VoskCoin security system is built around ten main principles below.
1) Assets Security
We do not store any crypto assets on our server. Also, user's funds are being processed and stored in an audited cold wallet.
1.1) We divide saved funds into hot and cold wallets:
Most of the funds are stored in cold wallets to provide more secure storage. Funds are also stored in hot wallets to ensure smooth day-to-day withdrawal requests from our customers.
1.2) We have strict control on access rights to funds in both cold and hot wallets.
To further secure your funds, we require strict control over both cold and hot wallets. This allows us to monitor and act promptly in case of any suspected fraudulent activity.
1.1) Controlled and Monitored access
We use the practices of separation of duties and the Principle of Least Privilege (we give actors the least privilege they need).
2) Secure Cloud Infrastructure
We use the best-on-the-market cloud services provider that is certified by the world’s strict security standards and is trusted by major banks and financial institutions.
3) Modern Encryption Standards (SSL with TLS 1.3, DNSSEC, HSTS)
Traffic between a client browser and server uses the most advanced encryption algorithm that is approved for use within banks and credit card processing companies. The domain is protected from DNS man-in-the-middle attacks by DNSSEC. All the browser requests are encrypted (HSTS).
4) Web Application Firewall (WAF) and DDoS Protection
The top player in the web application security market analyzes server requests. Hacking attempts, bots, and DDoS attacks are filtered out meticulously to prevent a service breakdown. None of our servers have direct access to the Internet.
5) Regular Vulnerability Scans
The VoskCoin hands-free crypto mining infrastructure is checked daily with the number-one vulnerability scanner to discover weaknesses of any given sub-system. The list of tests for our scanner is updated regularly.
6) Secure Software Development Life Cycle (SSDLC)
According to this methodology, every coding change made and a new feature implemented is inspected by developers, tested by QA specialists, and analyzed by security experts.
7) Bug Bounty Program
We have a partnering program for white hat hackers and welcome ethical specialists to collaborate with us in analyzing vulnerabilities and enhancing the security of services infrastructure. We react immediately to any reports, and in cases where bugs or vulnerabilities are discovered, we issue an update ASAP. It should be noted that no serious problems have been reported to date.
8) PCI DSS Certification
Currently, we are passing a security certification designed for banks and other financial institutions that process card payments.
9) Account Takeover Protection
Our system blocks attempts to brute force passwords and one-time two-factor authentication (2FA) codes. Beyond this block, at each log-in, we notify the user via an email with details regarding the browser and geolocation used at log-in.
Our email system helps detect attempted intrusions at a glance. Each session is linked to the browser and IP address, and it protects from cookies theft and session hijacking.
10) Infrastructure Monitoring
Monitoring of VoskCoin hands-free crypto mining infrastructure continues around the clock for the rapid identification of abnormal activity and system errors.
11) Two-Factor Authentication
We use TOTP technology for 2FA to confirm each log-in attempt, funds withdrawal, password reset, and other crucial account actions. You can read more on how 2FA works