Crypto exchanges have lost billions. 42project never custodies your funds. Your keys stay encrypted, scoped to trade only, locked to our IPs. Here's exactly how.
Crypto exchanges have lost billions. 42project never custodies your funds — your keys stay encrypted, scoped to trade only, locked to your IP.
Read security whitepaperAPI keys wrapped in KMS-managed data keys. Plaintext never touches disk. Compromise of the database alone is insufficient to decrypt.
42project refuses any API key with withdrawal permission enabled. Even if our servers were owned, your funds cannot leave the exchange.
Trade orders originate from a small set of static IPs. Required by every supported exchange. Locks your key to our infrastructure.
TOTP 2FA is enforced — no opt-out. Every login, every trade, every key change is signed and logged in an append-only audit chain.
Every exchange API key you store is encrypted with a per-record data encryption key (DEK). That DEK is itself encrypted with a key encryption key (KEK) held in a hardware-backed KMS. The DEK is stored alongside the ciphertext; the KEK never leaves KMS. To decrypt a key, an attacker would need both the database AND active KMS credentials AND the ability to call KMS — three independent breaches.
On account creation, we read your API key permissions from the exchange. If withdrawal is enabled, we reject the key with a clear error message and refuse to store it. This is a hard constraint, not a setting. Even with full server compromise, no attacker could move funds off the exchange — only place trades, which can be reversed.
All trade requests originate from a small, published set of static IPs co-located with each exchange. You configure these IPs as the only allowed origins on your API key. The exchange itself rejects any request from elsewhere — even if our infrastructure were compromised, a request from anywhere else would be denied at the exchange layer.
Every meaningful action — login, key change, bot deployment, order — is signed with a server-side key, written to an append-only log, and made queryable from your account settings. You can audit exactly what happened, when, from where, and who initiated it. This log is also forwarded to your registered email for any high-impact action.
Before public launch we engage an independent firm for a full pen-test, with the report published. We run a continuous bug bounty program with payouts up to $25,000 for critical issues. SOC 2 Type II audit begins six months after launch. We do not wait for an incident to invest in security.
Set up your first bot in under 90 seconds. No credit card. No commitment. Withdrawal permission denied by default.