star

Security

Bank-Grade Security

Your assets and data are protected by multi-layered security architecture — cold storage, encryption, penetration testing, and real-time anomaly detection.

secureity

Security is Not an Afterthought

At XYBIT, security is designed from the ground up — not bolted on after the fact. Every system, every API, and every employee access point is built with a zero-trust security model in mind.

  • 95% of assets stored offline in air-gapped cold wallets
  • AES-256 encryption for all data at rest
  • TLS 1.3 for all data in transit
  • Multi-signature cold wallet authorization
  • Quarterly CERT-In empanelled penetration testing

Security Infrastructure

01

Cold Storage

95% of user funds are stored in air-gapped cold wallets that are never connected to the internet. Hot wallets hold only the liquidity needed for immediate withdrawals.

02

Two-Factor Authentication

All accounts support TOTP-based 2FA (Google Authenticator, Authy) and SMS OTP as a fallback. Withdrawals require a separate confirmation step regardless of 2FA method.

03

End-to-End Encryption

All data in transit is protected by TLS 1.3. Data at rest — including private keys and personal data — is encrypted using AES-256 with keys managed in HSMs.

04

DDoS Protection

Our infrastructure is protected by enterprise-grade DDoS mitigation at the network and application layer, ensuring platform availability during attack attempts.

05

Penetration Testing

Quarterly penetration tests are conducted by CERT-In empanelled security firms against OWASP Top 10 and cryptocurrency-specific attack vectors, with mandatory remediation timelines.

06

Multi-Signature Wallets

All cold wallet transactions require multiple independent key holders to sign — preventing any single point of compromise. Keys are geographically distributed across secure facilities.

Account Protection Tools

Withdrawal Whitelisting

Users can whitelist specific withdrawal addresses. Withdrawals to new addresses require 24-hour email confirmation.

Login Anomaly Detection

Unusual login activity — new device, new location, abnormal time — triggers automatic email alerts and optional account freeze.

Anti-Phishing Code

Set a personal anti-phishing code that appears in all official XYBIT emails so you can immediately identify authentic communications.

Session Management

All active sessions are visible in your account. You can remotely terminate any suspicious session with a single click.

Security by the Numbers

95%

Assets in Cold Storage

Offline and air-gapped

0

Security Breaches

Since platform inception

Quarterly

Pen Testing

By CERT-In empanelled firms