Phemex has designed and implemented a Hierarchical Deterministic Cold Wallet System which assigns separate cold wallet deposit addresses to each user. All the deposits are periodically gathered in the company’s multisignature cold wallet via offline signature.
Phemex processes withdrawal requests 3 times/day, and each request is rigorously scrutinized by both operators and founders. Based on our sophisticated Wall Street risk control experience, we are able to detect any malicious actions and quickly act to protect the assets of our users and platform. Qualified withdrawal requests are also processed via offline signature, thereby all assets remain 100% stored in a cold wallet system with all operations conducted offline.
Phemex deploys its system and secures its machines on the Amazon Web Service (AWS) Cloud.
Phemex uses several firewalls to separate different zones and machines for different trading purposes. There are multiple levels of security and internal network access management protocols to control the accessibility of one instance to another. Beyond network firewall management, Phemex also applies restrictions on a system level. In many restricted zones, we only allow whitelisted instances to access the system while the system itself must also be whitelisted.
User Account Security
Phemex uses a two-factor authentication mechanism to protect all user accounts. When a user performs any critical operations such as login, funding, or password modifications, the system automatically triggers two-factor authentication. This forces the user to perform a secondary authentication to protect account integrity and security.
Similarly, Phemex uses a bank-level double-entry bookkeeping system to ensure account security. Double-entry bookkeeping is based on the balance of assets and equity as the basis for accounting. Each time a user performs a funding operation, Phemex performs a matching accounting action in two or more accounts to prevent the tampering of records. Through the double-entry bookkeeping mechanism, Phemex can immediately detect if the user's account has been tampered with. If so, the system will immediately freeze the tampered account and stops all of its pending actions and operations.
Trading Engine Safety
The Phemex trading platform is comprised of two main core components: The CrossEngine and the TradingEngine. The CrossEngine strictly matches client orders based on price and time priority. The TradingEngine is responsible for managing a full set of risk checks on behalf of the client's trading account. These include costs, fees, PNL, computing, and more, in real-time.
Like other high-frequency trading systems, both of our engines were written in C++. The promising and predictable performance of C++ makes it ideal for modern trading systems. Due to the highly volatile nature of cryptocurrencies, users need engines to react as quickly as possible. Overloading is simply unacceptable. Velocity is an essential necessity for traders as their most concerning challenge is the inability to trade during big market movements. Our Phemex engines are at least 10x faster compared to other competitors. Our engines are also highly customized. We have minimized 3rd party lib dependencies to keep the core simple and fast.
On top of performance, seamless disaster recovery is another feature provided by our Phemex engines. We have developed our own recovery system that gives our users 99.99% high availability. Each engine runs with multiple hot and warm backups at the same time. In most cases, users will not even notice system maintenance periods or upgrades. Such seamless and fast recovery is critical for 24x7 exchanges.
Report Security Issues and Bugs
Please report any security issues to firstname.lastname@example.org. We will reward you based on the severity of the issue brought to our attention. email: email@example.com