Security
Enterprise-Grade Security
Your assets are protected by institutional-grade security infrastructure. From multi-layered cold storage to ML-powered threat detection, every component is engineered for resilience.
12+
Security Audits
99.99%
Uptime
$100M+
Assets Insured
24/7
Monitoring
Security Architecture
Multi-Layered Defense
Our security framework combines cutting-edge cryptography, machine learning, and battle-tested infrastructure to defend your assets at every layer.
Cold Storage Architecture
95% of assets are held in air-gapped cold storage with geographically distributed vaults. A warm wallet layer handles daily operations while hot wallets process only immediate withdrawals.
TSS/MPC Multi-Party Computation
Private keys are never stored in a single location. Threshold Signature Scheme (TSS) distributes key shares across multiple independent parties, eliminating single points of failure.
ML-Powered Fraud Detection
A 5-model ensemble analyzes every transaction in real time, detecting anomalous patterns across behavioral, statistical, and graph-based dimensions before threats materialize.
DDoS Protection & WAF
Enterprise-grade Web Application Firewall and multi-layer DDoS mitigation absorb and filter malicious traffic, ensuring platform availability even under sustained attacks.
End-to-End Encryption
All data in transit is secured via TLS 1.3 with perfect forward secrecy. Data at rest is encrypted with AES-256, and sensitive fields use application-layer encryption.
Real-Time Monitoring
A 24/7 Security Operations Center (SOC) monitors infrastructure, network traffic, and user activity. Automated alerts trigger incident response within minutes.
Threat Intelligence
ML Fraud Detection Ensemble
Five specialized models work in concert to analyze every transaction from multiple perspectives, catching threats that any single model would miss.
Statistical Detector
Applies statistical hypothesis testing to transaction amounts, frequencies, and timing patterns to flag deviations that exceed expected variance thresholds.
IQR Outlier Detector
Uses interquartile range analysis on rolling windows of user activity to identify outlier transactions that fall outside normal behavioral boundaries.
Behavioral Analyzer
Builds per-user behavioral profiles from login patterns, device fingerprints, and trading habits. Flags activity that deviates from established baselines.
Graph Network Detector
Maps transaction flows across the network as a directed graph, detecting coordinated manipulation rings, wash trading clusters, and suspicious fund routing patterns.
Cluster Anomaly Detector
Applies unsupervised clustering algorithms to group similar transaction patterns, then flags activity that falls outside known clusters as potentially fraudulent.
Account Protection
Withdrawal Safeguards
Multiple layers of protection ensure that even if credentials are compromised, unauthorized withdrawals are blocked.
Address Whitelisting
Restrict withdrawals to pre-approved wallet addresses. New addresses require email and 2FA confirmation, with a mandatory cooling period before activation.
24-Hour Withdrawal Delay
When security settings are changed, withdrawals are automatically locked for 24 hours, giving you time to detect and respond to unauthorized access.
Velocity Limits
Configurable rate limits on withdrawal amounts and frequency. Large or unusual withdrawal patterns trigger additional verification steps automatically.
Anti-Phishing Codes
Set a personal anti-phishing code that appears in every official XEX email, helping you instantly identify and discard phishing attempts.
Asset Protection
SAFU Insurance Fund
The Secure Asset Fund for Users (SAFU) is a dedicated insurance reserve that provides an additional layer of protection for user assets beyond our security infrastructure.
Dedicated Reserve Pool
A percentage of all trading fees is allocated to the SAFU fund, which is held in segregated cold storage wallets and continuously audited by third-party firms.
Third-Party Insurance
In addition to the SAFU fund, XEX maintains insurance policies with leading crypto-native and traditional insurers covering custodial assets against theft and security breaches.
Transparent Reporting
SAFU fund balances and insurance coverage details are published quarterly. Independent auditors verify fund reserves match reported figures.
Bug Bounty
Responsible Disclosure Program
We partner with the global security research community to identify vulnerabilities. Rewards range from $500 to $100,000 depending on severity.
Report
Submit your findings through our secure disclosure portal with detailed reproduction steps, impact assessment, and any proof-of-concept code.
Triage
Our security team acknowledges your report within 24 hours and begins severity assessment. You will receive regular status updates throughout the process.
Fix
Our engineering team develops, tests, and deploys a fix. Critical vulnerabilities are patched within 48 hours. You may be consulted to verify the remediation.
Reward
Once the fix is deployed and verified, you receive your bounty reward based on severity classification. Top researchers are featured in our Security Hall of Fame.
Transparency
Proof of Reserves
We believe trust is earned through transparency. XEX publishes cryptographic proof of reserves so you can independently verify that all user assets are fully backed.
Merkle Tree Verification
Every user can verify their account balance is included in our published Merkle tree root hash without revealing any other user's data. Proofs are updated monthly.
Independent Audits
Leading audit firms conduct quarterly attestation engagements, verifying on-chain reserves match total user liabilities across all supported assets.
Real-Time Dashboard
Our public reserves dashboard displays live wallet balances, reserve ratios, and historical trends, providing continuous visibility into asset backing.
Your Assets, Our Priority
Trade with confidence knowing your assets are protected by institutional-grade security, comprehensive insurance coverage, and 24/7 real-time monitoring.