Security
Your assets and data are protected by multi-layered security architecture — cold storage, encryption, penetration testing, and real-time anomaly detection.

At XYBIT, security is designed from the ground up — not bolted on after the fact. Every system, every API, and every employee access point is built with a zero-trust security model in mind.
01
95% of user funds are stored in air-gapped cold wallets that are never connected to the internet. Hot wallets hold only the liquidity needed for immediate withdrawals.
02
All accounts support TOTP-based 2FA (Google Authenticator, Authy) and SMS OTP as a fallback. Withdrawals require a separate confirmation step regardless of 2FA method.
03
All data in transit is protected by TLS 1.3. Data at rest — including private keys and personal data — is encrypted using AES-256 with keys managed in HSMs.
04
Our infrastructure is protected by enterprise-grade DDoS mitigation at the network and application layer, ensuring platform availability during attack attempts.
05
Quarterly penetration tests are conducted by CERT-In empanelled security firms against OWASP Top 10 and cryptocurrency-specific attack vectors, with mandatory remediation timelines.
06
All cold wallet transactions require multiple independent key holders to sign — preventing any single point of compromise. Keys are geographically distributed across secure facilities.
Users can whitelist specific withdrawal addresses. Withdrawals to new addresses require 24-hour email confirmation.
Unusual login activity — new device, new location, abnormal time — triggers automatic email alerts and optional account freeze.
Set a personal anti-phishing code that appears in all official XYBIT emails so you can immediately identify authentic communications.
All active sessions are visible in your account. You can remotely terminate any suspicious session with a single click.
95%
Assets in Cold Storage
Offline and air-gapped
0
Security Breaches
Since platform inception
Quarterly
Pen Testing
By CERT-In empanelled firms
We believe in working with the security community to keep XYBIT safe. If you discover a vulnerability in our platform, please report it responsibly to security@xybit.in. We offer rewards for valid reports based on severity (Critical: up to ₹5,00,000; High: up to ₹1,00,000; Medium: up to ₹25,000). We commit to acknowledging your report within 48 hours and providing remediation timelines within 10 business days.
Please do not attempt to access other users' data, disrupt services, or publicly disclose vulnerabilities before they are remediated. Responsible disclosure is the only path to reward eligibility.