Dear community,

While summer is a quiet time for most companies and financial markets, the Covesting team didn’t have any time to relax due to the hard work required each and every day to meet the tight deadlines of our roadmap.

Sense of purpose. Reliability. Leadership. These are Covesting’s three main values, and we are working hard to ensure that they become synonymous with the Covesting platform. We are getting close to achieving the goals we set a year ago, and the platform is close to becoming a reality.

Security

Covesting takes the safety of our client’s funds and the platform security very seriously. Our security team implements the best industry practices to mitigate security risks and develop a reliable world-class trading platform.

In July, we performed several major security tests to our platform with the involvement of independent and in-house security experts. Following the results of these tests, we further improved the architecture of the platform. We are pleased to tell you that no critical security breaches were identified.

We also added some advanced security settings to the settings screen of the platform which includes withdrawal address whitelisting, API management and additional email confirmations for specific actions.

Security settings

Withdrawal address whitelisting adds additional layers of security for all our users. Users can only withdraw funds to addresses which were previously added to the list and confirmed by both email and Google 2FA (if it is enabled). This means that even if someone gains unauthorized access to the account — the only address where funds can be sent is to users with whitelisted address. No third-party fiat withdrawals are allowed.

As previously discussed, only a small amount of funds will be held in the online (hot) wallet to facilitate small withdrawals instantly, while the most of our client’s assets will be securely held in the offline (cold) storage and with Tier 1 banks and 3rd party liquidity providers.

In order to secure the hot wallet transactions, the Covesting security team has set up the cloud HSM module which encrypts the private keys by using the secp256k1 ecliptic curve.

The security testing will be an ongoing process. We are also in negotiations with top IT security companies that will conduct security audits of Covesting Exchange before we open our doors to the public. Periodic security audits and penetration tests are required by both regulators and by our own development policies.

For more detailed information please refer to the security section on our website.

Development

The launch date of the platform is quickly approaching, and we are happy to share some development insights with you.

During the course of July, our team had to work twice as hard as normal. This is because the tech development turned into 3x of what we have originally planned due to the strict requirements of the GFSC and our compliance team. We had to build such modules as Tx monitoring from scratch in order to recognize patterns of suspicious money laundering transactions, as well as full scale on-chain Tx analysis to monitor and report addresses which potentially used funds received from the darknet, hacked addresses and more to fund the accounts at Covesting.

Here is how ongoing onchain Tx monitoring and client profiling looks in action: