Our Commitment to Security
Our security philosophy follows from the principles of:
1) building defense-in-depth against external threats;
2) protecting against human error; and
3) guarding against misuse of insider access.
Digital Asset Security
The majority of customer digital assets (e.g., bitcoin) are held in our offline (i.e., air-gapped) vaulted storage system (“Cold Storage”). Only a small portion of digital assets are held in our online wallet (“Hot Wallet”).
- Our Hot Wallet environment is hosted on Amazon Web Services (“AWS”). AWS has a proven track record for physical security and internal controls. More information can be found here.
- Tiered access-controls are applied to our production environment to restrict access to employees based on role, following the principle of least-privilege.
- Administrative access to our production environment requires multi-factor authentication.
- Hot Wallet key management is rooted in hardware security modules (“HSMs”). We use the hosted CloudHSM service provided by AWS, which offers dedicated HSMs within the AWS cloud.
- The specific hardware used by CloudHSM has been evaluated according to federal information processing standard publication 140-2 (“FIPS PUB 140-2”) and achieved a rating of Level 2.
Our Cold Storage system provides two tiers of offline storage dubbed “cold” and “cryo” (short for “cryogenic”) for improved security and redundancy.
- We use HSMs that have achieved a rating of FIPS PUB 140-2 Level 3 (or higher).
- All cold and cryo private keys are generated, stored and managed onboard our HSMs for the lifetime of the key.
- We use Multi-Signature technology (“Multi-Sig”) to provide both security against attacks and tolerance for losing access to a key or facility, eliminating single points of failure.
- All HSMs are stored in guarded, monitored and access-controlled facilities that are geographically distributed.
- Hardware is sourced from diverse manufacturers to guard against supply-chain risks.
- All fund transfers require the coordinated actions of multiple employees (i.e., all facilities are “no-lone zones”).
- We are a full reserve digital asset exchange. Customers may only trade from pre-funded accounts.
- All customer USD fiat funds are held in an omnibus account at an FDIC-insured New York State chartered bank.
- All customer fiat funds are segregated and legally distinct from our business and operating accounts.
- All customer USD fiat funds are eligible for FDIC insurance, subject to applicable limitations.
- Two-Factor Authentication (“2FA”) is required for every user account and may be required for actions other than session login, such as withdrawals.
- Strong passwords are required for every user account.
- All passwords are cryptographically hashed using modern, proven standards.
- Other sensitive user information is encrypted both in transit and at rest.
- Rate-limiting is applied to certain account operations such as login attempts to thwart brute force attacks.
- All website data is transmitted over encrypted Transport Layer Security (“TLS”) connections (i.e., HTTPS).
- We do not share client data, our TLS private key or access to our TLS private key with any third parties or vendors.
- We leverage the content-security policy (“CSP”) and HTTP Strict Transport Security (“HSTS”) features in modern browsers.
- We partner with enterprise vendors to mitigate potential distributed denial-of-service (“DDoS”) attacks.
- Internal-only sections of our website use separate access controls and are not exposed to the Internet.
We typically only include links to public blog posts or other information relating to product announcements, and will never include unsolicited links to unaffiliated domains. We’ve also instituted policies for the gemini.com domain (and its subdomains) which signal to the largest email providers (e.g., Gmail, Yahoo Mail, Hotmail) to reject email messages that do not originate from sources we have explicitly authorized. Regardless, customers should always be careful when clicking on links in emails received from suspicious sources, or emails that just seem out of the ordinary. Please always take a second look at emails which look suspicious. You can contact firstname.lastname@example.org to verify an email’s authenticity, and we also encourage you to forward suspicious email messages to email@example.com.
- Multiple signatories are required to transfer funds out of Cold Storage.
- Our CEO (Tyler Winklevoss) and President (Cameron Winklevoss) are unable to individually or jointly transfer funds out of Cold Storage.
- Our offices do not store or contain anything of value. All private keys are stored offsite in secure facilities (see Digital Asset Security above).
- All employees undergo criminal and credit background checks, and are subject to ongoing background checks throughout their employment.
- All remote-access by employees uses public-key authentication – no passwords, one-time passwords (“OTPs”) or other phishable credentials are allowed.
If you have any questions or concerns about your Gemini account – or believe there has been an unauthorized login attempt and/or transaction that you do not recognize – please email our customer support team at firstname.lastname@example.org or call user support at +1 (866) 240-5113 (toll-free in the USA).
Reporting Security Issues
If you believe you have identified a security vulnerability on our online platform, we would like to hear from you. Please email us at email@example.com. You can use our PGP key to the right to encrypt your communications.
-----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1 mQENBFVaReMBCADbIcsrtwLMpKTUQ0xQfD4vbbh45s4LA1kPMbTqNCuwZGIn+yZ7 5dGQISyZJiYqEOFgBcFfHk3OYFLva1FDwhXcrMltvIVDLcTGrNxRh9627uRsiBn2 3yOZsnL1bAXuCQcnqJ7Yu2DCe+579uN3FHCFHXWh+0r/r7SPi9ch6iMMOIZKe+h8 Z+edctNCZ8C9rV/u3XlSUqs7ZknBgDD9+qag2/xqtiX+zP3jqJgGUPld9id72JcI YK//+h62r9ZLfMZQUTOXRwL2exGB10MnCPAO1FaCVo85ER+gOP+/iNZaC5BW9eEN Lruy5Aa/ulywrUKtTcdBL+eZUezR3vhMaNWfABEBAAG0MEdlbWluaSBTZWN1cml0 eSBUZWFtIChSRFApIDxzZWN1cml0eUBnZW1pbmkuY29tPokBPQQTAQoAJwUCVVpF 4wIbAwUJA8JnAAULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRARL8/n/whNB87H CADCQroXV4Zvs+QS7f/0nMBjGNWHT/BrXh0B/3zR+2tPRSSLD4kWjEk9ivfXXK9K ec9B1xZwo30a6N+laovdFcJiisiOqQDWBKM+ygvEZhDHJs2VAVIYjvsZwd2uNVN6 V6II36MPJlS4a3Gr6GyqbrWjzWlLE8WWJobzt1D4UlBifXVop1tvI9Ce7OTVr6+2 g+5LDHY+4u9VJRe0moMB/CpQDIaszD/lzdbaiz9tShznIjkAVsmLXFk82MG8vwqM 565ClNPg+dTRkik0KM4pBMRLTW/H0dWZHqgRMNqR8ktGIPP14czec6dbzq8rN9sZ ASxlw65WondtNdN+5hJREacQuQENBFVaReMBCADUG5ngSMvvOiTpUKAXL0o9EnvV Jno0O6iv6LwYN87q6n8BQ+p6+gfjAfJ4ziaXIx6Dso+c9lTkOFWCleZrZqYOTZpT BsziUasRr8Sw4HB//G9rhjM/cGaqi7iQdEr8Lv3m4KbamNjyh7MbXUNdzKMlK6bb 3hVl/5Bvle3sNAdcpp5IX0M7/ZVKM/O5j61k/QJZJapMHmNHqE/cY06iizW5b3fb VTi85xIZqTiLWAX6Rx1rg5tmVhK2FQ70Ud5hKEI2w1XUuFlm7B6FVeHmnrXGd7ww sPT7TE3nFpY+q25Epx2ocVkaMU3Ct3L9eP3MzB4eB+tAHpY4Lzyx9O5/c5stABEB AAGJASUEGAEKAA8FAlVaReMCGwwFCQPCZwAACgkQES/P5/8ITQciYwgArl69GZXk NgcMT+NzItKVCO8OU6HBiakqxYstAnvWMJPVhJlkuowDklO03mQl9INtQV0HjYiv JXjd12yF3SOqFxM4SqITvQxCSWKpUBI0Aj+6YelVE/rkN9ZlXc/yNamq1TQhvhIn QoPQ83drRT8KUYo8zdlkZAsu2bBcSWqKLO2D2zyeTJADm+CjzVdLOWEQWkU2bz/D snQjqy6S1Bm37A5cznCWW2hF8v6SOmVHDgshqNO6S5oXNCnZ8Md637YsHQ/7D8Cg ugvSfJoBjwDsV3OL9ztW7zSPm/T/teDivA4SH3qvtzdeD0T21jLmPuc7dLlsbtRJ Zfif9oeGk+E3fg== =za+3 -----END PGP PUBLIC KEY BLOCK-----
Vulnerability Disclosure Philosophy
Our security team supports responsible disclosure. We will acknowledge valid and original (i.e., the first reported instance) discoveries on our website with the name of the security researcher(s) responsible. While we do not have a formalized bug-bounty program at this time, we may choose to do so in the future. In the event that a monetary rewards system is developed, we may, in our discretion, pay monetary rewards in bitcoin, subject to applicable laws.
Our commitment to security researchers is simple: we will not retaliate against researchers who report issues privately and in a responsible manner. We will do our best to reply to reports in a timely fashion and periodically update you on our progress with respect to investigating or remediating any issues you may have identified.
Gemini Security Team