Security at Atomic.
Protecting your capital is the foundation of everything we do. Below is a clear summary of the controls, custody, and practices that keep your account and assets safe.
Encryption Everywhere
All traffic to Atomic is encrypted in transit with TLS 1.3. Data at rest — including personal information, trading history, and wallet metadata — is encrypted with AES-256. Encryption keys are managed via a hardware security module (HSM) with strict rotation and access policies.
Account Protection
We require strong passwords, support multi-factor authentication (MFA), and verify new devices before granting account access. A transaction PIN is used for sensitive actions such as withdrawals and bank changes. Sessions expire automatically after inactivity.
Qualified Custody
Crypto assets are held with regulated, qualified custodians using multi-signature, bankruptcy-remote cold storage. Fiat balances are held in segregated accounts at insured banking partners. Customer assets are never commingled with operating funds and are not lent out without explicit consent.
Infrastructure & Access
Production systems run on hardened cloud infrastructure with least-privilege access, full audit logging, and continuous vulnerability scanning. Employees access sensitive systems only via MFA and short-lived credentials. Code changes go through peer review and automated security testing before deployment.
Monitoring & Fraud Prevention
We continuously monitor account activity for anomalies and use risk-based controls to detect account takeover, unusual withdrawals, and suspicious trading. Suspected fraud triggers additional verification and, when warranted, temporary holds to protect your funds.
Reporting a Vulnerability
We welcome reports from security researchers. If you believe you have discovered a vulnerability, please email security@atomichaininvest.com with a clear description and steps to reproduce. We commit to acknowledging reports promptly and to acting in good faith with researchers who follow responsible disclosure.
No system is perfectly secure. Always use a strong, unique password, enable MFA, and never share verification codes with anyone — including people claiming to be Atomic staff.