Recent events at Binance have had many of our users understandably concerned. People that use our service also use other services that require API keys for access to private exchange data such as wallet info and to execute trades. Here is a brief overview of how our security model differs from and is safer than most.
Many services, especially ones offering to trade through websites, store all your keys on their own servers. This carries a very high risk as it means that they have a single point of failure and one hack can compromise all of your funds. Our desktop platform is different in nature, so we took a different approach. Much like the decentralized nature of the blockchain, we asked ourselves “What if a user can be in control of their own keys at all times?”
“What if a user can be in control of their own keys at all times in a decentralized way?”
That means your keys are never stored on our servers, and instead stored locally on your own computer. Furthermore, all exchange requests (such as placing orders) go directly between you and the exchange. We never access your keys or even know what they are.
This means that in the unlikely event that we were to be hacked, there are no keys to take from our servers. In fact, there is nothing to take at all so the hackers would waste their time.
Having physical access to your computer is the only way a hacker can get your keys. Even that is not enough as they are encrypted with your credentials. In other words, not only do they need access to your computer, but they also need to know your credentials.
Note: Use strong passwords.
We use high standard AES encryption for your keys, and hash your password using BCRYPT. Even Tradedash does not have access to your keys or other personally identifiable information. Your accounts are safe.
We follow best security practices and our model gives you full control. Your keys are encrypted with your credentials and can only be decrypted with your credentials. Even in the unlikely event that our servers were to be hacked, your exchange accounts would be safe as your keys are stored locally.
We are committed to providing great tools with the best possible security model. If you have any feedback or questions, please let us know.
Note: If you think any service you use may be compromised, make sure you invalidate and re-create your API keys.