At Coincap, we take a comprehensive approach to ensure the security of your digital assets. Our security experts have built a number of sophisticated measures to prevent the theft of money or information. We know that for digital currencies, theft isn't the only threat of course, and therefore have set a professional exchange that offers financial stability, with full reserves, healthy banking relationships and the highest standards of legal compliance. All of our security protocols and procedures are audited by some of the major international security firms to ensure that we are at the forefront of global financial institution security.

Described below are some of the security procedures we follow, so that you can be assured of the competence of our security measures that go well beyond what we are willing to make public.

  • Once you buy cryptocurrencies on Coincap, they are stored in your Coincap’s ‘wallets’.
  • These ‘wallets’ actually store the secure digital keys used to access your public cryptocurrency addresses and sign transactions.
  • All new deposits go directly to cold wallets which are encrypted, with complete air-gap isolation from any online system.
  • A limited number of coins are stored in semi-cold wallets, on protected machines with locked drives.
  • Only the coins that are needed to maintain operational liquidity are stored in hot (online) wallets.
  • All of your cryptocurrency funds are held separately in segregated wallets.
  • To provide your account with the maximum security, we store most cryptocurrency balances in secure multi-signature (multisig) cold wallets and only keep a minimum amount in hot wallets on our online servers
  • Your passwords and API keys are salted, hashed and never stored in our code or database.
  • We provide two-factor authentication funding, trading, and actions that can be performed using API keys.
  • All your personal identity documents and personal data are encrypted, and access to multiple highly secure systems is required to decrypt it.
  • A separate two-factor authentication channel (Master Key) can be enabled for highly secure account recovery as well.
  • Protection against leakage of user information: login or password recovery attempts will not reveal any account information, including the existence of an account.
  • Your cryptocurrency deposits are regularly audited, and we publish these audits as well for system scrutiny.
  • We have created a global settings lock, that can be enabled to prevent tampering of user account information, including withdrawal addresses, in case an attacker gains access to your account.
  • We maintain continuous auditing, logging, backups, and safeguarding of data in geographically redundant encrypted storage.
  • We have created an isolated, highly secure system for uploading account verification documents.
  • All your account information is stored in a secure facility that is safeguarded 24-hours- a-day, and we use bank-grade security to gain access to our servers.
  • Our products run on a dedicated network which is locked down with firewalls and carefully monitored.
  • We work with world-class security researchers to keep up to date with the latest innovations in web security.
  • Data is encrypted wherever possible, and systems are both redundant and isolated from one another.
  • Our servers replicate the data in real time.
  • Data is backed up on a daily basis.
  • To protect our system against malicious attacks, we run numerous security tests on our software and systems and maintain the very latest virus protection software.
  • The software infrastructure at Coincap is regularly updated with the latest security patches.
  • Our office is wired with separate networks for different purposes. The system our agents use to access your uploaded account verification documents cannot be used for anything else. Support tickets are on an entirely separate system, and so on.
  • Our staff has been thoroughly reviewed, and multiple sign-offs are required for anything remotely sensitive.
  • Although the legal status of Bitcoin and Ethereum is still being defined, yet Coincap takes a highly proactive and informed approach to ensuring legal compliance both in Malaysia and globally.
  • At Coincap, we believe in operating in full accordance with the bounds of the current law and regularly monitor the regulatory developments, so that we can anticipate changes before they occur on any scale.
  • Our compliance measures are designed by a highly skilled team of legal advisors that is having expertise in financial and legal dealings, and evaluate our legal stance in the face of regulatory developments on a regular basis.

Tips For Managing Your Account Securely

Below are some tips that must be followed for ensuring maximum security of your Coincap account:

  • Always use a strong password
  • Change it often
  • Keep it to yourself.

A strong password has the following attributes:

  • At least eight-character long
  • Contains a mixture of letters, numbers, and symbols
  • Doesn't contain your user name, real name, or company name
  • Significantly different from previous passwords
  • Isn't the same password you use on other web sites, such as for online banking or other email accounts

Besides keeping your passwords secure there are some other factors that must also be monitored properly for giving your account maximum protection.

These are:

  1. Keep your user information up to date
    • Current user information (like your phone number) helps us to verify your identity if you forget your password or if someone else tries to take over your account.
    • To update your user information, login on your account and go to the User Information section.
  2. Watch for suspicious connections
    • The Connections History page in the Security section helps you track unusual or suspicious connections. You can see the IP, the country and the date/time of your latest sign-ins. If you see something wrong or unfamiliar, you can report it to local cybercrime agencies so that they can investigate.
  3. Enable two-step verification
    • We strongly recommend you to implement 2-factor authentication on your account.
    • Once the 2-step verification is activated, in addition to the 'usual' password, you have to enter a one-time password shown on your additional device for a successful login on
  4. Install an antivirus program on your PC/Mac
  5. Update your operating system, browser, and other software
  6. Be careful of suspicious emails and websites
  7. Use a pop-up blocker with your Internet browser