At iLexExchange Platform, we work hard to provide both ease of use and the utmost security to our customers in order to offer an environment in which customers feel safe making cryptocurrency transactions. We will explain iLexExchange's security policies so that you will learn more about it.
iLexExchange's security measures are explained below in five parts. These are [Platform Security], [Access Control Security], [Procedural Security], [Hosting Security], and [Operation Security].
The iLexExchange Platform has been vetted by a variety of external, thirdparty security audit firms and penetration test consultants. It is certified per the CryptoCurrency Security Standard (CCSS).
Ensure communication security through the introduction of next generation encryption systems and the highest strength encryption technology.
In order to protect our customer's personal information, iLexExchange encrypts all customer related data communication. iLexExchange uses higher strength encryption technology than any other major financial institutions in its communications with customers. TLS1.2 is applied to all connections to iLexExchange, which are encrypted and authenticated using AES_128_GCM. ECDHE_RSA as the key exchange mechanism.
You can confirm that a website carries out encrypted communication by checking that:
You can clearly see the presence of an encrypted communication by clicking on the key symbol.
iLexExchange has adopted SSL server certificates issued by DigiCert.
Internal service interactions utilize separate authentication contexts and are not exposed to the Internet.
We deployed Web Application Firewall and selected the reverse proxy pattern:
Applying the principles of external traffic monitoring (IDS) and prevention (IPS) to HTTP and the related technologies, which are used to build web applications.
Protects applications, APIs, and mobile app backends against a variety of attacks including the OWASP Top 10, zero-day threats, data leakage, and application-layer denial of service (DoS) attacks. By combining both positive signature-based policies with robust anomaly detection capabilities, it can defeat today’s most sophisticated attacks targeting your web applications.
It successfully filters out volumetric DDoS attacks before they ever reach network and harm apps.
iLexExchange has extremely strict controls over wallet access. In addition, our systems trace and log all accesses to the wallet servers. only a very small number of IP addresses are allowed to access the wallet servers.
iLexExchange has built-in protection against brute force Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks. This includes ratelimiting, concurrent connection limits, and active whitelist/blacklist management controls
The service is operated in a private network, so it has a high-level of security.
For your security, iLexExchange requires a password of sufficient strength. iLexExchange recommends that customers use very strong passwords and to avoid the use of commonly used character strings. This is because there is something known as an account list attack wherein ID and password combinations are stolen from a web service and used in an attack. Please note that the same ID and password should never be used across multiple services. Password must contain at least 8 characters, one number, and at least one capital letter.
Two-step authentication function can be set by e-mail address through Google Authenticator, an authentication application. For normal services, you can only login using an authenticated ID and password. However, when connected to the internet, this service can be accessed from anywhere. This is because such security may be breached when ID and password pairs are stolen, or a malicious third party obtains the ID and runs a brute force or dictionary attack to forcibly login. This is why, in addition to the original ID and password, another set of numbers known as an authentication code is entered. Thus strengthening the security. Reason being, the authentication code changes over time, as well as whenever a login occurs. Even if a malicious third party steals the ID and password, obtaining access will be more difficult.
Each time you log in to iLexExchange, a login confirmation email is sent to your registered e-mail address from iLexExchange. It includes the IP address, date, and time of log in. This is done so that in the event a third party logs in to your account, you can immediately be aware of that.
Multi-sig is the latest in cryptocurrency security measures. It is designed to ensure that your transactions are safe. Unlike in a typical cryptocurrency address, multi-sig requires two or more separate signatures to send cryptocurrency.
iLexExchange provides email notification for all sensitive access to activities such as deposits，withdrawals and order-placing.
① The iLexExchange Platform can be used on Linux and Windows.
② Software is run across multiple Tier 3 data centers.
③ Hardware is wholly-owned and stored securely with access control including biometrics.
④ Database and exchange are hosted directly on an inhouse hardware.
To minimize trading risks, iLexExchange provides an impenetrable set of controls for traders with regard to their daily and monthly limitations on activities which present risk, such as the withdrawal limits.
By leverage of the advanced monitoring tool “Know Your Transaction”, it adds a security tier to client’s transaction. In this way the fraud and suspicious transactions can be well inspected with risk mitigated by our end.
(1) Proof of identity verification (Full name, address and date of birth)
iLexExchange confirms customer identity by requesting customers to upload an image of their proof of identity (i.e. Passport ,Driver's license and National Identity card). A photo with the official proof of identity next to the customer's face is also required in certain cases.
(2) Identity verification for major changes
Identity verification by iLexExchange is performed multiple times. Through multiple identity verifications, we endeavor to prevent spoofing attacks on customers by third parties. We appreciate your cooperation in these matters.
As an example, customers cannot change their registered information directly via the website after the corresponding information is confirmed by iLexExchange.
In identity verification, iLexExchange will update the login information for you. As for KYC documents, please submit ID (proof of identity with photo) with remaining validity of more than three months. You also need to send a proof of address issued within the last three months. The address between the proof of identity and proof of address should match. Some unauthorized access will cause information to be manipulated by the third party, which may result in account hacking.
Customer assets, including fiat currency and crypto currency,are clearly segregated from iLexExchange's own assets.