At MidChains we follow these simple principles:
We are set up to deal
with external threats.
We have safeguards in
place for human error.
Insider access is curtailed
in accordance with our policies.
Two-Factor Authentication (2FA) is required when you log in to your account or make withdrawals. We support Hardware Security Keys via WebAuthn so that you can secure your account with the strongest 2FA protection. Rate-limiting is applied to some customer account operations, such as your login attempts, in order to thwart attacks. Address whitelists that restricts your withdrawals to approved addresses only, or disables all withdrawals from your account.
Our procedures require dual control in processing of all custodied assets. In terms of accounting controls, we have independent distributed ledger control processes which ensure the accuracy of our records and accounting systems.
We also have adequate contingency plans that are an extension of MidChains internal control and physical security which include provisions for continuance of operation, and recovery when threats may damage or disrupt our systems.
We leverage the content-security policy (CSP) and HTTP Strict Transport Security (HSTS) features found in modern browsers. All of our website data is transmitted over encrypted Transport Layer Security (TLS) connections (i.e., HTTPS). Internal-only sections of our website have separate access controls and are not exposed to the public Internet. We partner with enterprise vendors to mitigate against distributed denial-of-service (DDoS) attacks.