The Cryptolon Mining security system is built around ten main principles below.
We use the best-on-the-market cloud services provider that is certified by the world’s strict security standards and is trusted by major banks and financial institutions.
Traffic between a client browser and server uses the most advanced encryption algorithm that is approved for use within banks and credit card processing companies. The domain is protected from DNS man-in-the-middle attacks by DNSSEC. All the browser requests are encrypted (HSTS).
The top player in the web application security market analyzes server requests. Hacking attempts, bots, and DDoS attacks are filtered out meticulously to prevent a service breakdown. None of our servers have direct access to the Internet.
The Cryptolon infrastructure is checked daily with the number-one vulnerability scanner to discover weaknesses of any given sub-system. The list of tests for our scanner is updated regularly.
According to this methodology, every coding change made and a new feature implemented is inspected by developers, tested by QA specialists, and analyzed by security experts.
We have a partnering program for white hat hackers and welcome ethical specialists to collaborate with us in analyzing vulnerabilities and enhancing the security of services infrastructure. We react immediately to any reports, and in cases where bugs or vulnerabilities are discovered, we issue an update ASAP. It should be noted that no serious problems have been reported to date.
Currently, we are passing a security certification designed for banks and other financial institutions that process card payments. This procedure includes multiple independent security audits, penetration tests, and other phases of control.
Our system blocks attempts to brute force passwords and one-time two-factor authentication (2FA) codes. Beyond this block, at each log-in, we notify the user via an email with details regarding the browser and geolocation used at log-in.
Our email system helps detect attempted intrusions at a glance. Each session is linked to the browser and IP address, and it protects from cookies theft and session hijacking.
Monitoring of Cryptolon infrastructure continues around the clock for the rapid identification of abnormal activity and system errors.
We use TOTP technology for 2FA to confirm each log-in attempt, funds withdrawal, password reset, and other crucial account actions. You can read more on how 2FA works