Cold storage
The majority of digital assets are held in cold storage, separated from the hot wallets used for daily liquidity, with on-chain withdrawals signed in an isolated signer service.
Security at Coinwaka
Your assets and data are protected by layered security controls - cold-storage custody, strong authentication, encryption, and continuous monitoring.
Security pillars
Passkey & 2FA
FIDO2 passkeys, TOTP authenticator apps, and recovery codes. A transaction PIN is required on withdrawals, with 2FA on higher-value transfers.
Anti-phishing code
Set a personal code that appears in every legitimate Coinwaka email, so you instantly spot fakes.
Device management
View all authorized devices. Instant sign-in alerts. Revoke access with one click from any screen.
Proof of reserves
We are building toward signed on-chain reserve attestations. Until the first is published, assets are held in segregated wallets with withdrawal controls.
Real-time monitoring
Automated anomaly detection and withdrawal-risk scoring on sensitive activity, with alerts on new sign-ins and devices.
Security practices
Two-factor authentication (2FA) & passkeys
Anti-phishing codes on emails
Encryption of sensitive data at rest, TLS in transit
Withdrawal address review & controls
KYC identity verification & AML screening
Device & session monitoring with login alerts
Role-based access control (RBAC) for admin actions
Audit logging on sensitive operations
Bot protection & WAF at the edge
Risk-based transaction monitoring
Security & transparency
Found a security vulnerability? We welcome coordinated, responsible disclosure and credit researchers who help keep Coinwaka safe.
Responsible disclosure