At the end of the day,
our goals are simple:
safety and security.

Secure. Standard. Scalable. Safe. Easy. Transparent. Tested




Encryption of sensitive data and communication

Please Note - BuyUcoin User Passwords are encrypted and hashing, along with the salting algorithm that means even we cannot login as you.

All the requests are encrypted with AES-256 and protected by CSRF Token Authentication for fraudelency checking.

BuyUcoin's infrastructure for storing, decrypting, and transmitting data runs in separate hosting infrastructure, and doesn’t share any credentials with BuyUcoin's primary services (exchange, wallet, etc.).



95% of customer funds are stored offline

Offline cold storage is a preferred and standard method of protection of cryptocurrencies against theft or loss. We distribute cryptocurrency geographically in safe vaults in confidential locations.

The cold storage wallets are kept in geographically isolated locations at anonymous combinations of latitudes and longitudes.

The funds in offline cold storage require manual intervention by several members of our Board of Directors and Executive Desicion.

Our platform only allows less than 5% of our user's crypto assets to be accessible in hot wallets for trading exchange on our orderbook.

HTTPS and HSTS for secure connections

BuyUcoin forces HTTPS for all services using TLS (SSL), including our public website and your Account.

Buyucoin.js is served only over TLS. BuyUcoin’s official libraries connect to BuyUcoin servers over TLS and verify TLS certificates on each connection.

We use HSTS to ensure browsers interact with BuyUcoin only over HTTPS.




Security is one of the biggest considerations in everything we do.

BuyUcoin continually updates the end-to-end security measures, improving auditing processes, and reducing the 'attack surface' of our infrastructure. Please note that we cannot disclose too many details of the security measures implemented on the platform for our user's security and proprietary technology reasons. If you have any questions after reading this, or encounter any issues, please let us know.


User Account Protection
  • Two-factor authentication (2FA).

  • Limit access to your account based on IP address.

  • Account locked if multiple wrong passwords entered

  • Double encrypted passwords in database.


Platform Security
  • Login data is saved and analyzed for unusual activity.

  • Always up-to-date Linux systems to host the platform.

  • Automatic backup of the database once a day.

  • Protection from DDoS attacks.


Physical Security
  • All the locations of backups are known to only few.

  • 24 X 7 monitoring of the cold storage wallets and backups.

  • Separate passwords for each device.

  • Background checks on all employees.