Security

EarnPark follows all the industry best practices for IT security checks, data protection, access rights, and data encryption. We’re constantly raising the bar for our security standards so that users can sleep well.

Protected infrastructure

Security is the most essential part of every investment platform. EarnPark funds are managed through tokens spread across different addresses within Fireblocks vault infrastructure.

Each transaction goes through the multi-signature process, monitored by 3 team members. The connection to the protocols is provided via WalletConnect, so that the private keys never leave the multisig and are not compromised anywhere.

Each strategy has its own vault, meaning different private keys for each protocol. If someone tries to tamper with one protocol, it does not cause additional damage to the others.

Cold crypto storage

  • 95% of crypto assets are stored offline in cold multi-signature wallets

  • 5% of crypto assets are stored in hot wallets allowing users to make instant automatic deposits/withdrawals

Transaction signing only happens offline on separate devices that have never been connected to the network; the entire process involves several people. The multi-signature process uses a number of keys (N) and requires a quorum of any (M) of those keys.

For example, you need 3 keys. Thus, it's not possible to sign the transaction with a single key. If one of the multisig keys goes missing, you won't lose control over your assets completely.

Secure Software Development Life Cycle

According to this methodology, all code changes and implemented features are inspected by developers, tested by QA specialists, and analyzed by security experts.

#SSDLC

Modern encryption standards

Traffic between a client browser and server uses the most advanced encryption algorithm, approved in the ecosystems of banking and credit card processing. DNSSEC protects the domain from DNS attacks, and all the browser requests are encrypted (HSTS).

#SSL with TLS 1.3 #DNSSEC #HSTS

Web Application Firewall and DDoS Protection

The top player in the web application security market analyzes server requests. Hacking attempts, bots, and DDoS attacks are filtered out meticulously to prevent a service breakdown. None of our servers have direct access to the internet.

#WAF #DDoS Protection

Infrastructure Monitoring

We monitor EarnPark infrastructure 24/7 to spot rapid abnormal activity and system errors.

Regular Vulnerability Scans

The number-one vulnerability scanner monitors EarnPark infrastructure daily to discover weaknesses of any given sub-system. We regularly update the list of our scanner's tests.

Bug Bounty Program

We have a partnering program for white hat hackers and welcome ethical specialists to collaborate with us to analyze vulnerabilities and enhance the security of the entire infrastructure. We immediately react to any findings and if any bugs or vulnerabilities are discovered, we issue an update ASAP. Up until today, we have not faced any issues that could have shaken our reputation.

Two-factor authentication

Authorization on the site is implemented through Google, allowing you to register and log in with one click. The Google protection system allows you to properly protect your account in several ways.

Moreover, we use 2FA to confirm each login attempt, funds withdrawal, and other crucial account actions.

Withdrawal address whitelisting

Whitelisting is a security feature that allows crypto withdrawals to go only to external addresses already designated in your Address Book. Requiring two-factor authentication to enable/disable the feature, Whitelisting allows users to safely withdraw funds to verified addresses.

Users can:

  • Enable or disable this feature

  • Continue to add new addresses to the Address Book (requires a 24-hour hold period)

  • Withdraw crypto only to addresses saved in the Address Book (with whitelisting enabled)
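
The rules above can be read as a small policy check. The sketch below is an added example, not EarnPark's code: the `Account` class, its method names and the sample addresses are hypothetical, and it assumes that a newly added address cannot receive withdrawals until its 24-hour hold has passed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

HOLD_PERIOD = timedelta(hours=24)  # hold on new Address Book entries, as stated above


@dataclass
class Account:
    """Hypothetical account model; names are illustrative, not EarnPark's."""
    whitelisting_enabled: bool = False
    address_book: dict = field(default_factory=dict)  # address -> time it was added

    def add_address(self, address: str, now: datetime) -> None:
        # Keep the first timestamp: re-adding an entry must not shorten its hold.
        self.address_book.setdefault(address, now)

    def set_whitelisting(self, enabled: bool, second_factor_ok: bool) -> None:
        # The toggle itself is gated on 2FA, so a stolen session alone cannot turn it off.
        if not second_factor_ok:
            raise PermissionError("2FA required to change whitelisting")
        self.whitelisting_enabled = enabled

    def check_withdrawal(self, address: str, now: datetime) -> tuple:
        """Return (allowed, reason) for a withdrawal to `address` at time `now`."""
        if not self.whitelisting_enabled:
            return True, "whitelisting disabled"
        added = self.address_book.get(address)
        if added is None:
            return False, "address not in Address Book"
        if now - added < HOLD_PERIOD:  # assumption: entries are unusable during the hold
            return False, "address still in hold period"
        return True, "address whitelisted"


def demo() -> list:
    """Run the policy over constructed sample data and return the decisions."""
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed timestamp
    acct = Account()
    acct.add_address("ADDR-OLD-EXAMPLE", t0)  # constructed placeholder addresses
    acct.set_whitelisting(True, second_factor_ok=True)
    acct.add_address("ADDR-NEW-EXAMPLE", t0 + timedelta(hours=30))
    at = t0 + timedelta(hours=36)
    return [acct.check_withdrawal(a, at)
            for a in ("ADDR-OLD-EXAMPLE", "ADDR-NEW-EXAMPLE", "ADDR-UNKNOWN-EXAMPLE")]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```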

Security Alerts

We always email our users, reporting the ongoing login process and specifying details, such as browser type and geolocation.

Our email system can quickly detect attempted intrusions. Each session is linked to the browser and IP address, protecting an account from cookie theft and session hijacking.

However, your personal security, to no small degree, depends on your own actions. Therefore, we strongly recommend using all the security tools we provide in the profile.

Auto logout

The system features an automatic logout every 1 day if the user hasn’t logged in.
