HyperPay mainly protects users' assets from four dimensions, including: the wallet itself, user operation, the server, and technical developers. At the same time, HyperPay also cooperates deeply with foreign and domestic well-known security companies, hiring them as security consultants to help HyperPay conduct regular security audits and consultation work. Based on their audits and their security assessment reports on HyperPay, we've been continuously optimizing the wallet.
As for the server, Hyperpay currently implements 24-hour monitoring using dedicated security components. It sets up cloud security groups according to the recommendations of SANS organizations, and uses independent resources such as private clouds to calculate resource containerization, VPN gateways, and encrypted data storage. Moreover, it establishes layers of security protections which include randomization parameters, RSA encryption and pass-through for communication interfaces.
HyperPay's security strategies, including being the first to use AES 256 encryption technology, which realizes the maximum protection of asset security, adopting plans such as hot and cold wallet segregation, multi-sign cold wallet and independent cold wallet for asset storage, to ensure that the wallet never connects to the internet. 80% of the assets are stored offline, enabling separation of transactions and asset custody. CI/CD development program is also embeded to monitor quality and vulnerabilities, implement Tier 6 disaster backup solution, deploy dedicated observer wallet, reduce wallet exposure time, and improve the security of digital assets off the chain.
For the Off-chain wallet, in the login session, we prompt the users for the complexity degree of the password set, reminding them to change the password regularly, and we also add Google verification, SMS verification, fingerprint verification; in the transfer session, similar to other exchanges, we have multiple layers of security audits including double-verification, transaction password, manual phone verification. After updating the 3.9 version, we have added mechanisms such as face authentication, verification questions, security scoring, fully upgrading the security level of the wallet usage.
There is a special security audit to confirm the security of the app about on-chain wallet. We have applied AES symmetric encryption preservation for local data, security development components to enhance the security of the app, and certificate binding and RSA to ensure the security of information exchange. We also aim at cross-app attacks to take a seperate protection.
HyperPay's security strategies and features can be summarized as follows: First, the professional security team conducting a comprehensive security audit of HyperPay, and the exclusive security team guaranteeing the security of the wallet; Second, the multi-dimensional security enhancements, including: cloud security, security monitoring, security emergency response, city disaster recovery, complete code management solution, abnormality detection, employee security strategy; Third, diverse wallet management plans, including multi-signature wallet server, hot and cold wallet server segregation, minimum wallet exposure, 80% of the assets stored in the multi-signature cold wallet in the isolated gatekeeper.