BaseFEX is committed to the security of our platform and users. We believe in rigorous and conservative security measures, and will not compromise security for convenience.
Reporting Security Issues
Please report security issues through our bug bounty program on HackerOne: https://hackerone.com/basefex
All assets on BaseFEX are stored in multi-signatured cold wallets only. All BaseFEX addresses are multisignatured and all storage is kept offline.
Even in the event of a full system compromise, including web servers, trading engine, and database, there would not be enough keys available to an attacker to steal funds.
Additionally, each and every withdrawal on BaseFEX is audited by hand by at least two BaseFEX employees before sending. No private keys are kept on any cloud server and deep cold storage is used for the bulk of funds.
All deposit addresses sent by the BaseFEX system are verified by an external service to ensure that they contain the keys controlled by the founders. If the public keys do not match, the system is shut down immediately and trading is halted.