Institutional Grade Crypto Security
Digital Asset Security and Insurance
NDAX’s security standards are among the highest in the Canadian FinTech industry. NDAX holds the majority of digital assets offline in cold storage protected by multi-signature technology, provided by Ledger Vault, the global leader in security and infrastructure solutions for cryptocurrencies.
For insurable incidents, including fraud, NDAX holds:
- USD 5 million on its cold wallets, covering internal theft and Hardware Security Module (HSM) malfunction, and
- USD 3 million in insurance per instance on its hot wallets.
- CAD 5 million in general business liability.
NDAX safeguards users’ fiat in a segregated bank account held at a Canadian Crown-owned financial institution. This measure keeps funds separate from NDAX’s operating capital. In the event of insolvency, fiat assets can be identified and appropriately distributed to entitled parties.
NDAX is registered with the Financial Transactions and Reports and Analysis Centre of Canada (FINTRAC) and Revenue Québec as a Money Service Business (MSB). NDAX complies with the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and other applicable laws and regulations.
Robust compliance procedures set NDAX apart in the cryptocurrency industry by fostering a strong reputation with regulatory and governmental bodies. NDAX maintains strict Know Your Client (KYC) processes aligned with industry best practices and required under legislation.
FINTRAC Registered: M18632135
Revenue Québec License Number: 904486
Transferring funds out of cold storage requires multiple approvals from NDAX’s senior management team. Restricting unauthorized internal transactions, effectively protecting the user's assets and safeguarding their crypto wallets.
In addition, NDAX’s Ledger Vault is whitelisted, which adds another layer of protection to a user's funds. Outgoing transactions out of cold storage can only go to NDAX’s whitelisted addresses in warm storage.
MPC Hot Wallets
NDAX has implemented Multi-Party Computation (MPC) technology recognized by industry experts.
MPC technology offers an advanced security level for hot wallet management solutions that protect crypto assets from internal/external bad players. It requires multiple parties to perform mathematical computations to create distributed shares, which come together to compute a public key and wallet address to store digital assets.
Third-Party Vendor Assessment
NDAX has implemented a stringent process to assess third-party service providers. Ensuring the highest security and controls are in place to protect user's personal information and assets.
Both NDAX’s hot and cold wallet service providers are System and Organization Controls (SOC) 2, type 1 certified.
Protecting Against Service Attacks
NDAX’s Distributed Denial-of-Service-Protection (DDoS) mitigation reliably monitors, resists and defends against any comprehensive threats on, or to, the NDAX platform. It ensures constant maintenance and up-time of service, performance and availability without incurring latency or interference.
NDAX uses multiple data servers that are isolated and monitored 24/7. A malicious attack on any one of the servers will automatically shut down the network to prevent damage to a user’s data and prevent access to crypto assets held on the platform.
Preventing Account Takeovers
- Mandatory Two-Factor Authentication - Every NDAX user must enable Two-Factor Authentication (2FA) to withdraw or deposit funds. Users are also required to confirm all withdrawals via email, acting as a third verification form.
- Notifications - An email notification is sent with login time and IP address every time a user logs in to an NDAX account.
- Account Information - Users requesting any account information updates, such as changing their email, 2FA, phone number or address, must provide NDAX’s compliance team with:
- An above the shoulder, front-facing image (a selfie) holding a handwritten note that states the current date and the request; and a photo of the front and back of a non-expired PHOTO ID.
This information is compared with the documents provided initially during sign up.
- Access controls
NDAX utilizes the least privilege approach when providing employees access to client information. Every employee at NDAX is also required to sign confidentiality and nondisclosure agreements.
- Employee screening
NDAX conducts an extensive background and criminal check on all employees. NDAX also obtains employee information per the Canada Revenue Agency reporting and record-keeping requirements.
- Employee training
All NDAX employees are required to complete appropriate security, Anti-Money Laundering (AML) and any other applicable industry or job-related training. Employees must have sufficient job proficiencies and have all designations and licenses are up to date.
- Daily audits
Daily reconciliation of financial assets on and off the platform is performed to record assets’ integrity, ensuring proper asset distribution (crypto and fiat) between segregated accounts and cold/hot storage.