Industry Leading Security

We’re proud of the many things we do at Solidi to keep our users safe. In this article we detail just a sample of the lengths we go to in order to keep your funds safe and secure.

Cold Storage wallets

Long before Solidi’s launch in 2015, the founding team was working hard on our cold storage product. It is the founders’ belief that security is the single most important part of a successful crypto exchange. Since the earliest development and testing of Solidi in 2013, all of our users’ wallets have been held in cold storage.

We hold all the private keys to all our user wallets securely, in a vault, offsite from our main offices. Customer withdrawals are processed from a hot wallet which holds only a small amount of crypto, ensuring that in the event of a hack, only a small amount of crypto can be stolen.

Moving funds from cold storage into hot storage requires multiple signatures and multiple parties to complete, ensuring that there is no single point of failure when moving funds.

Deposit direct to Cold Storage

At Solidi, all crypto funds deposited are deposited directly to 100% offline cold storage.

Most crypto exchanges supply their customers with an online hot wallet address for depositing funds into and will occasionally sweep funds to cold storage. This means that your funds are vulnerable to theft / hacking between the time you deposit and the time when the exchange sweeps the funds into real cold storage.

With Solidi, all deposits go directly to our 100% offline, air-gapped storage, giving you the best, most secure possible storage for your assets.

Individual Isolated Private Keys

Unlike most storage solutions, Solidi’s Crypto Custody solution uses both a hierarchical deterministic (HD) wallet from Bitcoin Improvement Proposal 32 (BIP32) and also, optionally, individual private keys generated entirely in isolation from each other.

BIP32 wallets are very convenient for consumer applications as they can handle multiple currencies and are easily backed up via a single 12- or 24-word seed phrase. They are also highly convenient from a business point of view as you can distribute the master public key to aid with auditing and you can distribute individual private keys from deep down in the hierarchy.

However, they have a flaw whereby the master private key can be derived from a combination of the master public key and a single child private key. While this is a highly unusual circumstance to have occur, it is nonetheless a significant security risk.

To combat this, Solidi offers our Custody customers the option to use individual, isolated private keys to provide the ultimate level of security for their funds.

Two Factor Authentication (2FA / TFA)

Passwords are hard – we’re all guilty of occasionally re-using the same password across multiple sites even though we know we shouldn’t!

Since launch, Solidi has provided strong Two Factor Authentication for our customers via a unique one-time password generated by an app on your phone.

Unlike many providers (including many banks), we do not use Email or SMS based Two Factor Authentication as this has been proven time and again to be highly insecure.

We would strongly recommend that any service you use must provide 2FA and this should only be in the form of a one-time passcode generated by an app on your phone. If a service uses SMS or Email 2FA then it is perhaps time to upgrade to a more secure provider such as Solidi.

Real-time Funds Reconciliation

Solidi runs real-time reconciliation between all fiat and crypto accounts. This ensures that all of our accounts balance and that any issue, such as a hack or a system issue, is detected immediately.

Our systems and processes far exceed the general standard set by the crypto industry and even that of the eMoney industry, where daily (and in some cases less frequent) reconciliation was highlighted as an area of weakness by the Financial Conduct Authority in their 2019 review into the Safeguarding Arrangements of non-bank Payment Service Providers.

Fiat Transaction Monitoring

Since launch, Solidi has monitored all fiat transactions (GBP / EUR) for security and fraud prevention purposes.

Our rules and AI system are so successful in combatting fraud that we are proud to announce we have a fraud rate of less than £2 per £1,000,000 in incoming payments.

This is over 5000x lower than the £10,355 per £1,000,000 reported as the ‘worst offender’ in the Payment Systems Regulator’s (PSR’s) Authorised Push Payment Fraud Performance Report (pg 11) and still more than 150x lower than that of the 10th position.

Crypto Transaction Monitoring

Since 2016, Solidi has built and maintained its own in-house transaction monitoring system for Crypto Transactions.

In 2021 we made the decision to augment this system with third parties to provide additional data. However, due to missing features in these third parties (address sharing, address value/volume/velocity etc.) and a data set missing key Darkmarkets which were contained in Solidi’s transaction monitoring system, we maintain both systems running in parallel to ensure the best possible security for our customers.

Testing, Auditing and Monitoring

Security is nothing without a strong culture of testing, auditing, monitoring and training.

Solidi’s systems are tested thoroughly during development and live tests are run hourly via a suite of automated tests. All code is audited as part of our ongoing code review, the results of which are fed back into staff training, development and best practices.

The site, servers and other infrastructure are monitored in real-time via the latest Intrusion Detection Systems (IDS) as well as Behavioural Analytics (BA) to ensure the site remains safe from both known and unknown attack vectors.

Only the beginning…

Security is not a “one off” activity, but a constant, daily battle against bad actors. At Solidi we work around the clock to ensure we keep your funds safe. Subscribe to the blog to keep up to date on the latest developments.
