Security of our clients’ assets is our #1 priority. We have invested years of effort and many millions of dollars in cybersecurity, cryptosecurity, and operational security across the firm.

We use industry-leading technology to offer you bank-level security

  • We leverage a combination of multi-party computation (MPC) wallets to derive the private keys and addresses from the mnemonic, which follows the BIP44 standard. Mnemonic shares are composed of multiple components that are separately generated and stored. Each component holds an independent mnemonic – to evaluate a computation without ever revealing any of the private data held by each party.

  • We utilize secure transfer environments (walled gardens) of whitelisted addresses. To provide an additional layer of security, Multi-Factor Authentication (MFA) is required when you log in to your account or make withdrawals. By authenticating deposit addresses to our network of accounts, we protect deposit addresses from man-in-the-middle attacks, spoofing, and entry errors. API keys used for moving funds between exchanges and wallets are stored in a Trusted Execution environment which cannot be retrieved by hackers, insiders, or our MPC wallet providers. This security solution has passed Deloitte audits with a SOC 2 Type II Certification.

We operate with a security-first mentality from day one

  • We have a long history of risk management in both the traditional and crypto markets. Our risk control system ensures 24/7 real-time monitoring and the ability to respond to situations in a timely and effective manner. Our smart contract security team comprises some of the most talented white-hats in the industry, and has prevented countless flash-loan and re-entrancy attacks from large decentralized finance (DeFi) protocols.

We have a rigid security culture

We have a responsive and effective 24/7 Information Security Team, aiming to reduce the risk of significant security incidents and data breaches. Furthermore, we have implemented a zero trust security approach and privileged access management protocol to guard against the misuse of insider access.

MPC-based infrastructure to ensure asset security
End-to-end proprietary HSM
Real-time operational risk management system
Robust information security monitoring
“Zero-trust” security approach

Amber Group is SOC 2 certified, as audited by Deloitte