Within the dynamic and rapidly expanding digital asset ecosystem, Bitvavo offers a reliable and trusted all-in-one solution where clients can exchange and store over 50 digital assets. Bitvavo has taken numerous steps to make its trading platform as secure as possible. This security-centered approach has led to Bitvavo becoming the leading digital asset exchange in the Netherlands, with thousands of new clients and 2.5+ billion euros of exchanged digital assets in the past 30 days, and one of the leading digital asset exchanges in Europe.
Bitvavo is proud to announce the latest addition to its extensive security measures. As of today, Bitvavo is the first digital asset provider in the Netherlands with an insured cold storage solution. Bitvavo aims to be at the forefront of regulatory compliance, technological innovation, and security in the digital asset industry, which is developing at an increasing speed.
About Cold Storage
The data is clear that today, the most likely client loss scenario for any digital asset company is a loss due to hacking. To address this risk, Bitvavo stores the vast majority of clients' digital assets offline at secure and insured custodial partners, and these digital assets can only be moved after manual action, which is regulated by strict access protocols.
Trusted European custodial partners
Bitvavo integrated the custody solutions of Coinbase Custody International, which is a standalone custodian and currently the most popular custodian in the world, having digital assets with a value of EUR 10+ billion under management, and Copper Custody, which is offering award-winning custody technology for among others, small-cap digital assets.
Insured up to $755 mil
Our European custodial partners are fully regulated and have their solutions insured for hundreds of millions of Euros. Coinbase Custody International, for example, holds a crime policy with a $255 million limit placed by Lloyd’s registered broker Aon and sourced from a global group of A XV/A+ rated insurers which are based in the US and UK, including certain Lloyd’s of London syndicates. And Copper.co has $500m of insurance for digital assets in cold storage.
At both custodial partners, multi-signature wallets are used, which require multiple individuals to authorize a transaction before digital assets can be transferred.
Additional Security Measures
Besides the custody solution, Bitvavo has taken a wide range of additional security measures to protect the funds (and data) of its clients, including:
External security audits
Multiple different specialized IT security firms review our Code. In addition, penetration tests are executed to try to breach our systems. On each major code change, this process is repeated to maintain the resilience and level of security of the Bitvavo systems.
Certified data centers
Bitvavo uses data centers compliant with the following certifications: ISO 9001, ISO 27001, ISO 27017, PCI DSS Level 1, and SOC 1 - 3. These standards help Bitvavo to achieve first-class security and compliance in its cloud infrastructure.
Uptime & redundancy
To ensure reliable access, Bitvavo hosts vital services in multiple availability zones with automatic failovers. In case of an outage, these failovers automatically redirect traffic to available services.
Critical data is stored offline
Critical data is stored in bank-grade vaults with 24/7 monitoring, distributed among a multitude of different geographic locations, to protect against potential destructive physical risks such as fires or environmental disasters. All the vaults meet the strict requirements of safety category 4+. This is the highest security category in the Netherlands.
Bitvavo uses extensive logging for employee access and employs advanced monitoring tools to detect abnormalities and uses machine learning, anomaly detection, and integrated threat intelligence to identify and prioritize potential threats.
Security reward program
Bitvavo acknowledges that any platform can contain security vulnerabilities; there is no such thing as absolute security. Bitvavo has established a reward program for discovering potential exploits and security vulnerabilities.
All Bitvavo employees have passed a background check and have provided a certificate of good conduct. The Bitvavo team organizes regular internal training to raise awareness and educate its members regarding security-related matters and best practices.
Stichting Bitvavo payments
A foundation, Stichting Bitvavo Payments, has been established, which operates exclusively for Bitvavo and functions as a bankruptcy-remote vehicle for safeguarding users’ funds.
Bitvavo Account Guarantee
If, despite our security measures, someone gains unauthorized access to your Bitvavo account and misappropriates funds, you may be eligible for reimbursement of up to EUR 100,000 under our Bitvavo Account Guarantee program. You can find the terms of the Bitvavo Account Guarantee here.
Protect your Funds
Besides the regular security features such as device confirmation, failed login notifications, and user log insights, Bitvavo offers various additional options to enhance the security of your Bitvavo account. Bitvavo suggests the following steps to protect your funds and data:
Use a unique and complex password
As a general rule you should create various strong passwords for each service you use on the internet. A strong password consists of at least 8 characters, including uppercase and lowercase letters and symbols. You should not use dictionary words. We recommend using a completely random password because this is practically impossible to guess.
Set-up an anti-phishing code
Phishing is the fraudulent attempt to obtain sensitive information, such as usernames and passwords, by impersonating Bitvavo or its employees. To reduce phishing risk, we recommend setting an anti-phishing code. After having your anti-phishing code set, your anti-phishing code will be included in every Bitvavo email you receive.
Enable Two-Factor Authentication (2FA)
Two-factor authentication, or 2-step verification, is a security layer besides your username and password. With two-factor authentication enabled on your account, you must provide your password (first factor, something you know) and your two-factor authentication code (second factor, something you have physical access to) when signing in to your account. Two-factor authentication codes are associated with a specific device, such as your mobile phone.
Adress Book for crypto withdrawals
The address book is another security feature offered by Bitvavo. To be able to withdraw crypto to an address, it will need to be added to your address book.
Use a hardware wallet
One of the main benefits of digital assets is that you do not need to trust third parties like banks or exchanges, such as Bitvavo. We always recommend storing your digital assets on your own hardware wallet. This ensures that you have full control over your own digital assets without interference from third parties or malicious actors.
Limit access to API keys
When setting up API credentials, please ensure access is only enabled for the required features. It is strongly recommended to use the IP whitelist for API credentials to add an additional layer of security to the API access for your account.
It is important to implement these security features as the Bitvavo cold storage solution does not cover any losses resulting from unauthorized access to your Bitvavo account. It is your responsibility to use a strong password and maintain control of all login credentials you use to access your Bitvavo account.