We take careful measures to ensure that your bitcoin is 100% safe. Our customer funds are stored offline and distributed geographically in safe deposit boxes and vaults around the world. Data is split with redundancy, AES-256 encrypted, and copied to FIPS-140 USB drives and paper backups.
youHODL® employees must pass a criminal background check as part of the hiring process. They are required to encrypt their hard drives, utilize strong passwords, and enable screen locking.
We use SQL injection filters and verify the authenticity of POST, PUT, and DELETE requests to prevent CSRF attacks. We hash passwords stored in the database (using bcrypt with a cost factor of 12). Application credentials are kept separate from the database and code base. 'Send Bitcoin' transactions require the input of one of twelve mnemonic passphrases, randomly selected and known to wallet owners only.
We rate limit a variety of actions on the site (login attempts, etc). and we whitelist attributes on all models to prevent mass-assignment vulnerabilities.
youHODL® encourage responsible disclosure of security vulnerabilities by participating in the hackerone bug bounty program; to date, no bugs have been found in our system despite an active community of over 200 dedicated security researchers. Darnley Mining - Bitcoin Miners