Whaleclub meets all industry standards to safeguard your funds and data. We use a variety of methods and multiple layers of security to ensure the safety of our bitcoin wallets, network, and servers, as well as our software and web applications.
Customer funds are preserved in cold storage at all times, out of reach of software hackers. There is no software or automation linked to customer fund wallets, making them technically impossible to compromise.
It is virtually impossible for an attacker to compromise our offline wallet infrastructure.
- No automation or software is linked to our wallets. Withdrawals are processed manually at a set time through a standardized, checklist-based procedure.
- Our security has been field-tested and proven. Since our launch, not a single security breach has occurred.
- Private keys are stored on completely offline computers. 100% of customer bitcoins are secured offline in cold wallets, outside the reach of attackers. Our keys have been GPG and AES-256 encrypted and replicated at max-security locations.
- Funds are distributed geographically. A redundant, global network of storage vaults ensures that no single security breach or regulatory action could ever compromise your account. We distribute bitcoin geographically in safe deposit boxes and vaults around the world.
Network and server infrastructure is segregated into levels of information classification with strict routing, firewalling, and access control links that separate each privilege level.
- Our servers always run the latest security software. Our network is always protected with the very-latest software, algorithms, and best practices.
- Comprehensive DDOS attack prevention. Provided by web performance industry-leader Cloudflare.
- Automatic backups. Data is aggressively archived. Our database is backed up every four hours, encrypted, and saved as an archive at multiple secure physical locations. All passwords and sensitive information are hashed using bcrypt with a cost factor of 12.
Whaleclub services are designed to tolerate failures in supporting infrastructure while maintaining continuity of operations. We place a high priority on redundancy and ensuring maximum availability of our services.
- Full-account 2-factor authentication. In addition to your username and password, you'll enter a code from your mobile phone, adding an extra layer of security for your account.
- Brute-force prevention. Captchas and rate throttling systems protect against brute-force type attacks.
- Full encryption. All traffic between the client and Whaleclub servers is encrypted using High Assurance SSL that supports key lengths up to 256 bits and prohibits any key lengths shorter than 128 bits.
- Background checks. All Whaleclub prospective employees undergo background checks and security screenings during the hiring process.
- Multi-factor device authentication. All employees use separate passwords and two-step verification with each device and service.
- Security training. All employees undergo security operations training.