Gibraltar FX is committed to provide the highest level of security to its platform users
Customer asset protection
Extensive cyber-security framework is implemented in order to ensure that strict measures and practices are in place to protect customer assets against any eventualities and threats. We are conducting periodical stress tests and security audits to ensure compliance with the strictest security standards.
We use the following security tools and measures:
2FA (provided by Google Auth) to ensure account security and prevent any unauthorised access to user’s account.
Mandatory Bitcoin address whitelisting feature
Cold storage of digital assets with Multisignature technology
Hardware security modules with rating of FIPS PUB 140-2 Level 3 or higher
Full risk check after every order placement and execution
Encrypted SSL (https) to encrypt and secure our website’s traffic.
All passwords are cryptographically hashed (using bcrypt with a cost factor of 12) while all other sensitive data is encrypted.
Cloudflare to mitigate potential distributed denial-of-service (“DDoS”) attacks.
Regular tests and check-ups by our technical team.
On-going and IT security assessments are executed to keep up to date with new potential vulnerabilities.
Our environment is hosted on Amazon Web Services (“AWS”). AWS has a proven track record for physical security and internal controls.
Gibraltar FX trading engine has been designed to meet the highest online-trading industry standards. All systems have been uniquely coded to minimize latency and increase order execution speed. System automatically monitors all risks associated with buying power, buying power factor, maximum order size, maximum position size, P/L loss thresholds, odd lot allowance, and executes full risk check after every order placement. Gibraltar FX prides itself on having one of the most advanced and reliable trading software on the market.
Registration takes only 40 seconds!
The majority of customer digital assets (Bitcoin) are held in our offline storage system (“Cold Storage”). Only a small portion of digital assets are held in our online wallet (“Hot Wallet”).
We use Multi-signature access (“Multisig”) to provide both security against attacks and tolerance for losing access to a key or facility, eliminating single points of failure. All fund transfers from Cold Storage to Hot Wallets are handled manually and require the coordinated actions of multiple employees.
A dual factor authentication (also known as 2FA or two-step verification) is a security process that requires the user to provide two different authentication factors to verify themselves. It gives a higher level of assurance than single-factor authentication (SFA) methods that require to only provide one factor (usually a password).
It’s one of the best ways to secure your account and the setup process is very easy so we strongly recommend you to enable 2FA for your account immediately after you complete the registration process. Our 2FA system uses a TOTP solution which means it requires a Google Authenticator app. It’s more secure and reliable than using SMS as 2FA solution.
Follow these steps to enable 2FA:
Download the Google Authenticator app for either iOS or Android
Go to to System Preferences menu
Click ‘Enable GA’ button in Google Authenticator section
Backup you secret key and confirm it by clicking on the box next to ‘I backed up a 16-digit code’
Confirm the setup by entering PIN code generated by 2FA
Next time you will be asked to provide a code from Google Authenticator to access your account or withdraw funds.
Please note that in order to disable your 2FA you will have to contact our support at firstname.lastname@example.org this procedure may take up to 5 business days.
Withdrawal address whitelisting
We offer Customers additional account level protections such as crypto Address Whitelisting. This feature adds an additional layer of protection by allowing customers to whitelist specific withdrawal addresses.
By doing so, withdrawals will be restricted to addresses only included in the whitelist. In the unlikely event that your Gibraltar FX account is compromised, an unauthorized user will not be able to withdraw digital assets to a different address.