Is Phemex Safe?

Wallet Security

Phemex has designed and implemented a Hierarchical Deterministic Cold Wallet System which assigns separate cold wallet deposit addresses to each user. All the deposits are periodically gathered in the company’s multisignature cold wallet via offline signature. Phemex keeps 100% of our user funds in reserve at all times, so all user assets are backed 1:1 on our platform. We have released Merkle-tree Proof-of-Reserves to enable every user to check and verify where their funds are kept within our system.
Everyday, Phemex expediently processes hundreds to thousands of real-time withdrawals. Each withdrawal request is automatically reviewed by a rigorous risk control system and those that are deemed to be risky are reviewed again manually by internal operators. Based on our sophisticated Wall Street risk control experience, we are able to detect any malicious actions and quickly act to protect the assets of our users and platform. Qualified withdrawal requests are also processed via offline signature, thereby assets remain stored in a cold wallet system with all operations conducted offline.

System Security

Phemex deploys its system and secures its machines on the Amazon Web Service (AWS) Cloud.
Phemex uses several firewalls to separate various zones and machines for different trading purposes. There are multiple levels of security and internal network access management protocols to control the accessibility of one instance to another. Beyond network firewall management, Phemex also applies restrictions on a system level. In many restricted zones, we only allow whitelisted instances to access the system while the system itself must also be whitelisted.

User Account Security

Phemex uses a two-factor authentication mechanism to protect all user accounts. When a user performs any critical operations such as login, funding, or password modifications, the system automatically triggers two-factor authentication. This forces the user to perform a secondary authentication to protect account integrity and security. Users can also choose to enable an anti-phishing code to appear on all legitimate emails they receive from Phemex, to ensure the legitimacy of messages received.
Similarly, Phemex uses a bank-level double-entry bookkeeping system to ensure account security. Double-entry bookkeeping is based on the balance of assets and equity as the basis for accounting. Each time a user performs a funding operation, Phemex performs a matching accounting action in two or more accounts to prevent the tampering of records. Through the double-entry bookkeeping mechanism, Phemex can immediately detect if the user's account has been tampered with. If so, the system will immediately freeze the tampered account and stops all of its pending actions and operations.

Trading Engine Safety

The Phemex trading platform consists of two main core components: The CrossEngine and the TradingEngine. The CrossEngine strictly matches client orders based on price and time priority. The TradingEngine is responsible for managing a full set of risk checks on behalf of the client's trading account. These include costs, fees, PNL, computing, and more, in real-time.
Like other high-frequency trading systems, both of our engines were written in C++. The promising and predictable performance of C++ makes it ideal for modern trading systems. Due to the highly volatile nature of cryptocurrencies, users need engines to react as quickly as possible. Overloading is simply unacceptable. Velocity is an essential necessity for traders as their most concerning challenge is the inability to trade during big market movements. Our Phemex engines are at least 10x faster compared to other competitors while being highly customized. We have minimized 3rd party lib dependencies to keep the core simple and fast.
On top of performance, seamless disaster recovery is another feature provided by our Phemex engines. We have developed our own recovery system that gives our users 99.99% high availability. Each engine runs with multiple hot and warm backups at the same time. In most cases, users will not even notice system maintenance periods or upgrades. Such seamless and fast recovery is critical for 24x7 exchanges.

Report Security Issues and Bugs

Please report any security issues to . We will reward you based on the severity of the issue brought to our attention. email: