At coincheck we take security seriously to ensure customers can have smooth and reliable bitcoin transaction.
Also, as a member of JBA(Japan Blockchain Association) we follow JBA's guidelines to ensure customers can have use coincheck's services in peace.
For more information about JBA's guidelines, please refer to the following link
Here, we will explain everything about coincehck's security.
Back in days when Mt.Gox managed customers wallet, they didn't manage cold wallets completely offline.
At coincheck, we ensure customers illiquid assets is safe by storing secret key completely offline.
97% of assets is stored in a cold wallet.
Cold wallet is stored in multiple places, so even if some of your wallets been destroyed because of unexpected event your bitcoin is kept safe.
Also, a third person can not streal your wallet because we follow AE-256 standard when encrypting your cold wallets.
AES(Advanced Encryption Standard) is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST).
You don't need to worry about vulnerability because coincheck's wallet use RFC6979, a secure way for generating random numbers.
We completely separate company's assets from customers assets. We never use your assets as the company's.
Possible activities that may leak your password.
・Using same passoword in multiple website
・Clicking a spam link
・Downloading software from the internet
By using 2-Step Verification, you can prevent hacking from a third person even your password is stolen.
SSL will avoid third person to see a conection between you and us.
SSL;Secure Socket Layer is a cryptographic protocol.
・Check if key symbol is displayed next to URL.
・URL is ”https://〜”, not ”http://〜”.
Usually, HTTP(HyperText Transfer Protocol) is used when making a connection between server and browser. However, HTTP can not encrypt message or block spoofing. We use SSL to prevent an attack from fraudulent activities.
You can check detail of SSL server certificate by clicking on key displayed in URL column.
SSL is also used in our internal system.
We archive all transaction logs.
We encrypt every customer's data in our database.
Our employees can not view your personal data or use your bitcoins.
We recommend you setting strong password in order to protect your account from a malicious third partys/person. To do that, please check the following.
・Don't use easy to remember password; date of your birth, name and id you use for SNS.
・Please use variations on capitalization, spelling, numbers, and punctuation.
Passwords are hashed. We adopt bcrypt(Blowfish); a hash function is suitable way of authentication.
When you login, we temporary lock your account in order to prevent hacking by a third person if you fail to login for certain times.
We take identity verification seriously to make coincheck a safe place to trade bitcoin. This process is important to avoid fraudulent users.
We ask for SMS Authentication to verify your identity.
We verify your identity by reviewing one or more of the following documents.
A high-resolution copy of either document listed below.（ID mush have your name & issuing country) (For people from non-English speaking country, we only accept passport)
※Please take a selfie of you holding your ID(ID selfie).
・Residence Card(provide a backside image)
・Special Permanent Resident Certificate(provide a backside image)
・Driver's license(provide a backside image)
・Individual Number card(do NOT provide a backside)
If you represent a corporation please submit the following documents.
All of below
・High-resolution copy of the Certificate of Incorporation issued within 6 months.
・Document detailing the address of the company's registered office (For company outside of Japan). Copy of passbook in corporate name (For company in Japan).
・Photo of company's owner or controlling person holding his/her Photo ID (ex: passport/driver's license).
ID selfie is a modern way of Online Identity Verification. It is used mainly in western countries.
You will be automatically logged out if you do nothing for a certain time. This will protect your account from third person.
In Japan, bitcoin compliance is still at an infant stage. At coincheck, we work together with our legal advisor and carefully operate our business.
As coincheck, we strictly follow current Japanese laws and regulations. We will also continuously monitor regulations in order to predict changes that might happen beforehand.