Security At Everstrike

At Everstrike, we don't just prioritize security. We breathe it. It's an integral part of our company culture. All employees must pass a criminal background check before joining Everstrike. After joining us, they are required to fully encrypt their hard drives, use high-entropy passwords and enable U2F-based 2FA for every service or device that supports it. Screen locking is mandatory. To take things even further, all updates to the Everstrike API, website and mobile apps must be cryptographically signed by all of our senior-level executives before they can be deployed to production.

Storage Of Funds

Everstrike stores more than 95 percent of client funds in geographically distributed multisignature cold wallets. The private keys to these cold wallets are kept entirely offline, and distributed across multiple highly secure locations, in multiple different parts of the world, making it impossible for even the most sophisticated hackers to gain access to them.

Deposit Addresses

An external service constantly audits all of the generated deposit addresses, ensuring that each one has been generated from the correct public key. If the public key and the address don't match, the entire system is shut down immediately.

Customer Data

Customer data is encrypted both at rest (using AES-256 encryption) and in transit (using TLS 1.2). Encryption keys are generated with a FIPS 140-2 Level 3-compliant HSM and rotated daily. All passwords are cryptographically hashed using bcrypt with a cost factor of 12. All electronic communication between employees is PGP-encrypted.

DDoS Protection

Everstrike utilizes rate-limiting, concurrent connection limits, active whitelists and blacklists to counter Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks. The Everstrike environment is hosted on Google Cloud Platform ("GCP"). Google has a proven track record for physical security and internal controls.

Client-side Security

The website received an A+ rating in the Mozilla Observatory Test. Only four other cryptocurrency exchanges have ever achieved an A+ rating. Verify the rating yourself here. Feel free to run the test on some of our competitors as well - you might be shocked how poorly some of them perform.

Security Summary

  • Geographically distributed multisignature cold storage
  • External auditing of deposit addresses
  • All customer data encrypted both at rest and in transit
  • Encryption keys generated with a FIPS 140-2 Level 3-compliant HSM and rotated daily
  • All passwords cryptographically hashed using bcrypt with a cost factor of 12
  • DDoS Protection
  • A+ website security rating on Mozilla Observatory