Safety & Policies
Digital Asset Security and Insurance
BITBIT’s security standards are among the highest in the Canadian FinTech industry. BITBIT holds the majority of digital assets offline in cold storage protected by multi-signature technology, provided by Ledger Vault, the global leader in security and infrastructure solutions for cryptocurrencies.
For insurable incidents, including fraud, BITBIT holds:
- USD 5 million on its cold wallets, covering internal theft and Hardware Security Module (HSM) malfunction;
- USD 3 million in insurance per instance on its hot wallets; and
- CAD 5 million in general business liability.
BITBIT safeguards users’ fiat in a segregated bank account held at a Canadian Crown-owned financial institution. This measure keeps funds separate from BITBIT’s operating capital. In the event of insolvency, fiat assets can be identified and appropriately distributed to entitled parties.
BITBIT is registered with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) and Revenue Québec as a Money Service Business (MSB). BITBIT complies with the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and other applicable laws and regulations.
Robust compliance procedures set BITBIT apart in the cryptocurrency industry by fostering a strong reputation with regulatory and governmental bodies. BITBIT maintains strict Know Your Client (KYC) processes aligned with industry best practices and required under legislation.
FINTRAC Registered: M21068159
Transferring funds out of cold storage requires multiple approvals from BITBIT’s senior management team. This restricts unauthorized internal transactions, protecting users’ assets and safeguarding their crypto wallets.
In addition, BITBIT’s Ledger Vault is whitelisted, which adds another layer of protection to a user’s funds. Outgoing transactions from cold storage can only go to BITBIT’s whitelisted addresses in warm storage.
MPC Hot Wallets
BITBIT has implemented Multi-Party Computation (MPC) technology recognized by industry experts.
MPC technology offers an advanced level of security for hot wallet management, protecting crypto assets from internal and external bad actors. It requires multiple parties to perform mathematical computations to create distributed shares, which come together to compute a public key and wallet address to store digital assets.
Third-Party Vendor Assessment
BITBIT has implemented a stringent process to assess third-party service providers, ensuring the highest security and controls are in place to protect users’ personal information and assets.
Both BITBIT’s hot and cold wallet service providers are System and Organization Controls (SOC) 2, type 1 certified.
Protecting Against Service Attacks
BITBIT’s Distributed Denial-of-Service (DDoS) mitigation reliably monitors, resists and defends against any threats on, or to, the BITBIT platform. It ensures constant maintenance and up-time of service, performance and availability without incurring latency or interference.
BITBIT uses multiple data servers that are isolated and monitored 24/7. A malicious attack on any one of the servers will automatically shut down the network to prevent damage to a user’s data and prevent access to crypto assets held on the platform.
Preventing Account Takeovers
- Mandatory Two-Factor Authentication – Every BITBIT user must enable Two-Factor Authentication (2FA) to withdraw or deposit funds. Users are also required to confirm all withdrawals via email, which acts as a third form of verification.
- Notifications – An email notification is sent with login time and IP address every time a user logs in to a BITBIT account.
- Account Information – Users requesting any account information updates, such as changing their email, 2FA, phone number or address, must provide BITBIT’s compliance team with:
  - An above-the-shoulder, front-facing image (a selfie) holding a handwritten note that states the current date and the request; and a photo of the front and back of a non-expired photo ID.
This information is compared with the documents provided initially during sign up.
- Access controls
BITBIT uses a least-privilege approach when providing employees access to client information. Every employee at BITBIT is also required to sign confidentiality and nondisclosure agreements.
- Employee screening
BITBIT conducts an extensive background and criminal check on all employees. BITBIT also obtains employee information per the Canada Revenue Agency reporting and record-keeping requirements.
- Employee training
All BITBIT employees are required to complete appropriate security, Anti-Money Laundering (AML) and any other applicable industry or job-related training. Employees must have sufficient job proficiencies and keep all designations and licenses up to date.
- Daily audits
Daily reconciliation of financial assets on and off the platform is performed to record assets’ integrity, ensuring proper asset distribution (crypto and fiat) between segregated accounts and cold/hot storage.
THIS USER AGREEMENT WAS LAST UPDATED ON April 1, 2022.