We are committed to undertaking the best security measures to protect your cryptocurrency and personal information.
We employ multiple strategies to protect our customer’s assets and information, including data encryption, Transport Layer Security, periodic security audits and best practice organisation security. We also utilise advanced machine learning techniques to recognise suspicious logins, account takeovers and financial fraud.
CoinJar was founded in 2013 in Melbourne, Australia. We’re backed by some of Australia’s top investors, and we are registered with the Australian Transaction Reports and Analysis Centre.
At least 90% of our customers’ digital currencies are stored offline in geographically-redundant, secure locations. Wherever practicable, we use multi-sig technology to protect digital assets that must be stored online. We maintain full reserves at all times, with sufficient assets to cover customer balances with matched durations and currencies.
Learn more about Security
- InfrastructureOur infrastructure is hosted on Amazon Web Services, which offers a secure environment for CoinJar services with capabilities of access control, data encryption, monitoring and isolation.
Our internal networks are protected by firewalls and not exposed to the internet, and all internal traffic is also encrypted to the same standard as external services. Our firewall policies are designed to allow minimum permissions for different applications and roles to interact.
All application and database servers are running inside private networks, with isolation between staging and production environments. Public-facing services are made available by dedicated load balancers that only handle HTTP requests.
- Organisation SecurityAll CoinJar employees are required to use cryptographically-secure Multi-Factor Authentication such as hardware U2F keys to access internal services. Engineers do not have access to application credentials or production servers. All deployments are performed independently by a deployment server.
As part of our hiring process, candidates must pass criminal background checks before becoming a CoinJar employee.
- CommunicationWe keep our members updated in real-time using our Status page, which has the current status of our services, details of any current incident, and information about upcoming scheduled maintenance.
- Bug BountyWe work with an active community of security researchers through our Bug Bounty Program to continually improve the security of CoinJar and our members’ funds.
Protect your CoinJar
- 1. Choose a complex password
- 2. Set up Two-Factor AuthenticationChoose from SMS or TOTP authentication to set up Enhanced security.
- 3. Always check the website URLEnsure the website you’re visiting has an authorised CoinJar domain before signing in.