Don’t worry, we are here to help!

At iLexExchange Platform, we work hard to provide both ease of use and the utmost security to our customers in order to offer an environment in which customers feel safe making cryptocurrency transactions. We will explain iLexExchange's security policies so that you will learn more about it.

iLexExchange's security measures are explained below in five parts. These are [Platform Security], [Access Control Security], [Procedural Security], [Hosting Security], and [Operation Security].

Platform Security

The iLexExchange Platform has been vetted by a variety of external, third­party security audit firms and penetration test consultants. It is certified per the CryptoCurrency Security Standard (CCSS).

Access Control Security

① SSL Communication

Ensure communication security through the introduction of next generation encryption systems and the highest strength encryption technology.
In order to protect our customer's personal information, iLexExchange encrypts all customer related data communication. iLexExchange uses higher strength encryption technology than any other major financial institutions in its communications with customers. TLS1.2 is applied to all connections to iLexExchange, which are encrypted and authenticated using AES_128_GCM. ECDHE_RSA as the key exchange mechanism.

You can confirm that a website carries out encrypted communication by checking that:

You can clearly see the presence of an encrypted communication by clicking on the key symbol.


② Adoption of DigiCert SSL server certificates

DigiCert
iLexExchange has adopted SSL server certificates issued by DigiCert.


③ Separate authentication contexts

Internal service interactions utilize separate authentication contexts and are not exposed to the Internet.


④ Web Application Firewall

We deployed Web Application Firewall and selected the reverse proxy pattern:
Applying the principles of external traffic monitoring (IDS) and prevention (IPS) to HTTP and the related technologies, which are used to build web applications.
Protects applications, APIs, and mobile app backends against a variety of attacks including the OWASP Top 10, zero-day threats, data leakage, and application-layer denial of service (DoS) attacks. By combining both positive signature-based policies with robust anomaly detection capabilities, it can defeat today’s most sophisticated attacks targeting your web applications.
It successfully filters out volumetric DDoS attacks before they ever reach network and harm apps.


⑤ Wallet Access

iLexExchange has extremely strict controls over wallet access. In addition, our systems trace and log all accesses to the wallet servers. only a very small number of IP addresses are allowed to access the wallet servers.


⑥ Protected from DoS attacks

iLexExchange has built-in protection against brute force Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks. This includes rate­limiting, concurrent connection limits, and active whitelist/blacklist management controls


⑦ Core in Private Network

The service is operated in a private network, so it has a high-level of security.


⑧ Login password strength check

For your security, iLexExchange requires a password of sufficient strength. iLexExchange recommends that customers use very strong passwords and to avoid the use of commonly used character strings. This is because there is something known as an account list attack wherein ID and password combinations are stolen from a web service and used in an attack. Please note that the same ID and password should never be used across multiple services. Password must contain at least 8 characters, one number, and at least one capital letter.


⑨ Two-step authentication

Two-step authentication function can be set by e-mail address through Google Authenticator, an authentication application. For normal services, you can only login using an authenticated ID and password. However, when connected to the internet, this service can be accessed from anywhere. This is because such security may be breached when ID and password pairs are stolen, or a malicious third party obtains the ID and runs a brute force or dictionary attack to forcibly login. This is why, in addition to the original ID and password, another set of numbers known as an authentication code is entered. Thus strengthening the security. Reason being, the authentication code changes over time, as well as whenever a login occurs. Even if a malicious third party steals the ID and password, obtaining access will be more difficult.


⑩ Managing login history

Each time you log in to iLexExchange, a login confirmation email is sent to your registered e-mail address from iLexExchange. It includes the IP address, date, and time of log in. This is done so that in the event a third party logs in to your account, you can immediately be aware of that.


Procedural Security

① All sensitive user information is encrypted -­ both in transit and at rest

② Global setting protections in force to prevent unauthorized account activity, including unusual withdrawal requests

③ All exchange data is replicated and backed up in real-­time

④ Multi-Signature

Multi-sig is the latest in cryptocurrency security measures. It is designed to ensure that your transactions are safe. Unlike in a typical cryptocurrency address, multi-sig requires two or more separate signatures to send cryptocurrency.


⑤ Auto email notification

iLexExchange provides email notification for all sensitive access to activities such as deposits,withdrawals and order-placing.

Hosting Security

① The iLexExchange Platform can be used on Linux and Windows.

② Software is run across multiple Tier 3 data centers.

③ Hardware is wholly-owned and stored securely with access control including biometrics.

④ Database and exchange are hosted directly on an in­house hardware.

Operation Security

① Limit setting

To minimize trading risks, iLexExchange provides an impenetrable set of controls for traders with regard to their daily and monthly limitations on activities which present risk, such as the withdrawal limits.


② Transaction monitoring

By leverage of the advanced monitoring tool “Know Your Transaction”, it adds a security tier to client’s transaction. In this way the fraud and suspicious transactions can be well inspected with risk mitigated by our end.


③ Identity verification

(1) Proof of identity verification (Full name, address and date of birth)

iLexExchange confirms customer identity by requesting customers to upload an image of their proof of identity (i.e. Passport ,Driver's license and National Identity card). A photo with the official proof of identity next to the customer's face is also required in certain cases.

(2) Identity verification for major changes

Identity verification by iLexExchange is performed multiple times. Through multiple identity verifications, we endeavor to prevent spoofing attacks on customers by third parties. We appreciate your cooperation in these matters.

As an example, customers cannot change their registered information directly via the website after the corresponding information is confirmed by iLexExchange.

In identity verification, iLexExchange will update the login information for you. As for KYC documents, please submit ID (proof of identity with photo) with remaining validity of more than three months. You also need to send a proof of address issued within the last three months. The address between the proof of identity and proof of address should match. Some unauthorized access will cause information to be manipulated by the third party, which may result in account hacking.


④ Segregated management of assets

Customer assets, including fiat currency and crypto currency,are clearly segregated from iLexExchange's own assets.