Your assets,
fully protected

Industry-leading security infrastructure with $100M insurance coverage. Your funds are protected by the same standards used by global banks.

Insurance Details Bug Bounty
$100M
Insurance coverage
98%
Assets in cold storage
256-bit
AES encryption
SOC 2
Type II certified

Multi-layer security architecture

Six independent layers of protection working together to keep your assets safe

Biometric Authentication

Multi-factor authentication using Face ID, Touch ID, and hardware security keys.

  • Face ID & Touch ID support
  • YubiKey & hardware tokens
  • Biometric device binding
  • Liveness detection

Multi-Signature Cold Storage

98% of all digital assets are held in offline, geographically distributed cold storage vaults.

  • Offline air-gapped storage
  • Multi-signature (3-of-5) keys
  • Geographic distribution
  • HSM-secured private keys

End-to-End Encryption

All sensitive data is protected with AES-256 encryption at rest and TLS 1.3 in transit.

  • AES-256 encryption at rest
  • TLS 1.3 in transit
  • Perfect forward secrecy
  • Hardware Security Modules

Advanced KYC & AML

Comprehensive identity verification and anti-money laundering procedures.

  • Biometric identity verification
  • Sanctions list screening
  • Transaction monitoring AI
  • Suspicious activity reports

Continuous Security Audits

Independent third-party security firms conduct quarterly penetration tests.

  • Quarterly penetration testing
  • Continuous code review
  • Bug bounty up to $250K
  • Open-source verification

Regulatory Compliance

Fully licensed and regulated across multiple jurisdictions.

  • Licensed in 20+ jurisdictions
  • SOC 2 Type II certified
  • ISO 27001 certified
  • GDPR & CCPA compliant
$100 Million Insurance

Full coverage on all custodial digital assets

All digital assets held in our custody are insured through a comprehensive policy with Lloyd's of London, the world's leading insurance marketplace. This coverage protects against theft, hacking, and operational errors.

Insurance Provider

Lloyd's of London syndicate led by Marketform, one of the most trusted names in specialty insurance since 1888.

Hot Wallet Coverage

Up to $50 million in coverage for assets held in hot wallets for operational liquidity.

Cold Storage Coverage

Up to $50 million in coverage for assets held in offline cold storage vaults.

What's Covered

Theft by employees, hacking attacks, insider threats, and operational errors.

Important: Insurance does not cover losses due to user error (lost passwords, sending to wrong address, falling for phishing scams, etc.). Always enable 2FA and use strong passwords.

Infrastructure Security

Enterprise-grade technical infrastructure protecting your data and assets

Cloud Infrastructure

Our infrastructure is hosted on enterprise-grade cloud providers with geographically distributed data centers. We maintain 99.99% uptime SLA through multi-region redundancy and automatic failover.

  • Multi-region active-active deployment
  • Automatic failover in under 30 seconds
  • DDoS protection at network edge
  • Web Application Firewall (WAF)
  • Real-time threat intelligence

Data Protection

All sensitive data is encrypted both at rest and in transit using industry-leading cryptographic standards.

  • AES-256 encryption for all data at rest
  • TLS 1.3 for all data in transit
  • Database encryption with key rotation
  • Encrypted backups with 30-day retention
  • GDPR-compliant data handling

Operational Security

Strict internal controls and procedures protect against insider threats

Access Control

Role-based access control (RBAC) with principle of least privilege. All access is logged and monitored.

24/7 Monitoring

Security Operations Center (SOC) monitors all systems 24/7. Automated alerts notify our team of any suspicious activity.

Employee Screening

All employees undergo thorough background checks. Access to sensitive systems requires multiple approvals.

Security Training

All team members complete mandatory security awareness training and secure coding practices.

Incident Response

Documented incident response procedures with defined roles. Regular drills ensure our team is prepared.

Regular Audits

Internal and external security audits conducted quarterly. Independent firms verify our security posture.

Certifications & Compliance

Independently verified security and compliance standards

SOC 2 Type II

Security, availability

Certified 2024

ISO 27001

Info security mgmt

Certified 2023

PCI DSS L1

Payment card standard

Certified 2024

GDPR

EU data protection

Compliant

CCSS L3

Crypto security

Certified

CSA STAR

Cloud security

Level 2

FATF

Travel rule

Compliant

Wolfsberg

AML standards

Member

Protect your account

Security is a shared responsibility. Follow these best practices

Use a strong, unique password

Create a password with at least 12 characters including uppercase, lowercase, numbers, and symbols. Use a password manager.

Enable Two-Factor Authentication (2FA)

Always enable 2FA using an authenticator app rather than SMS. Hardware security keys provide the highest level of protection.

Beware of phishing attacks

Always verify the URL before entering your credentials. MonxoBank will never ask for your password via email or phone.

Verify email notifications

We send email confirmations for all important account activities. Report any suspicious activity immediately.

Use secure networks

Avoid accessing your account on public Wi-Fi. Use a VPN when traveling. Always log out on shared devices.

Monitor your account regularly

Review your transaction history and account activity. Set up alerts for logins and transactions.

Security advisories

How we communicate security incidents and updates

In the event of a security incident that may affect our users, we are committed to:

  • Immediate investigation within minutes of any suspected incident
  • User notification via email and in-app notifications within 24 hours
  • Public disclosure of major incidents through our security advisory page
  • Regulatory reporting to relevant authorities as required by law
  • Post-mortem transparency with detailed analyses
  • User protection through insurance coverage

Have a security concern?

Found a vulnerability? Report it through our bug bounty program. Suspect unauthorized access? Contact our security team immediately.