Get peace of mind with world-class security at CoinRexPay

Your funds are protected by layered security, hardened infra, tight access, active monitoring, and swift response.

Our security pillars

Multiple layers working together to protect your account and assets.
Hardened infra
Network segmentation, private subnets, locked-down security groups, WAF & DDoS protection, CIS baselines.
Strict access
Principle of least privilege, SSO + MFA for staff, hardware-backed keys for sensitive ops, mandatory code review.
Continuous monitoring
Centralized logs, anomaly & threat detection, automated alerts, immutable audit trails, regular third-party testing.
Operational rigor
Change management, break-glass procedures, documented runbooks, tabletop exercises, and post-incident reviews.

Custody & key management

We use a tiered custody approach: the majority of assets in cold storage with geographically distributed key shards and dual-control procedures; hot wallets are rate-limited and monitored 24/7.

  • Multi-party authorization for movements above thresholds
  • Transaction allow-listing and velocity limits
  • Routine key ceremonies and disaster recovery drills

Platform security

Services run in isolated VPCs with encrypted storage and service-to-service auth. Images are scanned, dependencies pinned, and secrets rotated automatically.

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • SBOMs, signed images, and provenance verification
  • Backups with periodic restore testing

Account safety

Your account includes modern protections, and we encourage you to enable all recommended controls.

  • 2-factor authentication (TOTP / Passkeys supported)
  • New device checks & login alerts
  • Withdrawal review windows & address book allow-listing
  • Session management: view and revoke active sessions

Stay safe online

  • We’ll never ask for your password or 2FA codes.
  • Always check the URL and padlock before signing in.
  • Bookmark www.coinrexpay.com and use that bookmark.
  • Beware of “support” impostors on social media.
  • Enable device biometrics where available.

Compliance & certifications

We align with industry standards and regulatory expectations.
SOC 2 (in progress)
Controls mapped to SOC 2 trust principles; independent audits planned/underway.
ISO-aligned practices
Policies & processes aligned to ISO/IEC 27001/27002 best practices.
KYC/AML & monitoring
We maintain robust KYC/AML controls, transaction monitoring, and reporting programs.


Responsible disclosure

Security researchers help keep our community safe. If you discover a vulnerability, please tell us so we can fix it quickly.

  • Avoid accessing, modifying, or exfiltrating data that isn’t yours.
  • No DDoS, spam, or social engineering against users or staff.
  • Give us reasonable time to remediate before public disclosure.
PGP key (optional)
If you prefer, encrypt your report with our PGP key. We rotate keys periodically.
        

-----BEGIN PGP PUBLIC KEY BLOCK-----
[ DuAODcde4APDOAAIAD ]
-----END PGP PUBLIC KEY BLOCK-----

Status & transparency

We communicate openly about incidents and uptime. Subscribe for maintenance windows and real-time updates.

Incident response
Dedicated on-call rotations, defined SLAs, stakeholder comms, and post-incident reviews that drive corrective actions.

Security FAQ

The majority of user funds are stored in cold custody with strict multi-party controls; operational hot wallets are actively monitored and rate-limited.

We support TOTP apps (e.g., Authenticator) and modern passkeys on compatible devices/browsers. We recommend enabling them in Settings.

Yes. We conduct regular internal and third-party testing, including app, API, and infrastructure layers. Findings are triaged and tracked to closure.

Ready to get started with secure staking & investing?

Create account