Security

1. SSL Communication

   In order to protect our customer's personal information, bitFlyer encrypts all customer related data communication.

   bitFlyer uses higher strength encryption technology than major financial institutions in its communications with customers. TLS1.2 is applied to all connections to bitFlyer, which are encrypted and authenticated using AES_128_GCM. ECDHE_RSA is used as the key exchange mechanism.

   You can confirm that a website carries out encrypted communication by checking that:

   • the URL displays an image of a key
   • the URL displays "https://" rather than "http:"

   You can clearly see the presence of an encrypted communication by clicking on the key symbol.

2. Adoption of DigiCert SSL server certificates

   

   bitFlyer has adopted SSL server certificates issued from DigiCert.

3. Adoption of DigiCert SSL server certificate's highest level EV.

   

   EV stands for Extended Validation, and is what authenticates that the organization described in the certificate exists legally and physically, and that this organization is the owner of the domain described in the certificate. EVSSL has authentication guidelines of global standards, and has the most rigorous server certificate examination. If a website has EVSSL, its address bar becomes green and its business organization shall appear on the site. (※ Browsers such as Internet Explorer 7.0 or later, Firefox, Safari, Google Chrome).

4. Adoption of SHA-2 (SHA-256)

   SHA, a standard used by the United States government, is a highly secure hash function (data compression summary method). It is possible to verify the presence or absence of data tampering by comparing hash values ​​for both transmission and sending of data summary values. Since the time of SSL server certificate D7applications, hash functions known as SHA-1 and SHA-2 were the primary standards. As of today, many financial institutions have adopted SHA1 as their internet encryption technology. In recent years, however, security vulnerabilities within SHA-1 have been identified. If the vulnerabilities of SHA are taken advantage of by an attacker, the attacker can generate a different certificate with the same signature as the original certificate - this means that the attacker can operate a third party site masquerading as the true site. In the case of SHA-1, in theory, there is a 1/2⁸⁰ chance that this vulnerability can be exposed. SHA-2, which bitFlyer has adopted, surpasses the security strength of SHA-1, reducing the chance that a vulnerability is exposed to 1/2¹²⁸. This number, approximately 340 x 10³⁶, makes exposing a vulnerability within SHA-2 to a likelihood similar to finding a single grain of sand from all the beaches worldwide - impossible from a practical sense.

5. Adoption of SSL for internal communications

   bitFlyer uses SSL for internal communications.

1. Filtering function: Check the packet to be passed, allow only the packets that are permitted in advance to pass, and block all other packets.
2. Address conversion function (NAT): This is a function that rewrites the packet source and destination address. The presence of the internal client can be hidden from the server of the other party to the communication. Since it is not accessible from the outside, the security of the internal host is strengthened.
3. Remote control, monitoring function: This is a feature which allows firewalls to be set or logs to be checked from another computer.

1. Inspection function: Check the HTTP communication based on the detection pattern

   The inspection function is the ability to check the HTTP request and HTTP response in the HTTP communication based on a defined detection pattern. The detection pattern defined in the inspection function is comprised of a "whitelist" and a "blacklist".

   If the HTTP communication is examined using the whitelist, and the content of the HTTP communication does not match the specified value or pattern, the WAF will specify the HTTP communication as unauthorized.

   If the HTTP communication is examined using the blacklist, and the contents of the HTTP communication matches an invalid value or pattern, the WAF will specify the HTTP communication as unauthorized.

2. Handling function: Run the process for handling HTTP communications

   The handling function is the ability to handle unauthorized HTTP communications detected through the inspection function and the like, according to a defined process. The three methods which can be defined are pass-through processing, error handling, and blocking.

   Pass-through processing is a way to either handle an unauthorized HTTP communication as is, or send it to a website. This method is generally used in cases such as inspecting HTTP communications at the time of WAF implementation, or recording an unauthorized HTTP communication that is detected.

   Error Handling refers to the process through which a WAF generates an error response and sends the error response to the user or web site, rather than sending the unauthorized HTTP communication detected.

   Blocking refers to the method of intentionally discarding unauthorized HTTP communications that have been detected. When the WAF discards the HTTP communication, one of the following methods are utilized: Send an HTTP communication disconnection response to the user or website, or send nothing in response to the HTTP communication.

3. Log function: Record the activities of WAF

   The log function records unauthorized HTTP communications detected through the inspection function and WAF activity. Generally, WAF logs are recorded in a file or database. There are two types of logs: The record of unauthorized HTTP communications and their handling, and the record of WAF activity and error information. From this record, it is possible to check the detection and number of handling events for unauthorized HTTP communications, and eliminate the effort involved in updating detection patterns.

In communications through IP Anycast, one IP address is assigned to multiple devices on the Internet simultaneously and shared. In all nodes, by operating the same service in the shared address, the setup is such that the same service is provided regardless of which node does the handling. By implementing IP Anycast, it becomes possible to distribute requests to multiple servers and multiple locations, and the service can be protected from DoS (Denial of Service) and DDoS (Distributed Denial of Service) attacks. For example, a DoS attack from one place is localized to the closest node network wise so that other nodes are not affected. Also, because DDoS attacks are distributed across multiple nodes, the effects can be suppressed. Thus, by implementing IP Anycast, it is possible to improve the performance and resiliency of the DNS server. bitFlyer uses multiple layers of security to defend against DDoS attacks.

When you log in to bitFlyer, if you enter the password incorrectly a certain number of times, your account will be locked. This is to protect customer accounts from attacks such as brute force attacks.

Two-step authentication function can be set by SMS, e-mail address, or an authentication application. For normal services, login is achieved through authentication of ID and password. However, when connected to the internet, this service can be accessed from anywhere, and as such security may be breached when ID and password pairs are stolen, or a malicious third party obtains the ID and runs a brute force or dictionary attack to forcibly login. This is where, in addition to the original ID and password, an additional six digit number known as an authentication code is entered, hence strengthening security. Because the authentication code changes over time, as well as whenever a login occurs, even if a malicious third party steals the ID and password, obtaining access will be more difficult.

Each time you log in to bitFlyer, a login confirmation email is sent to your registered e-mail address from bitFlyer that includes a link to freeze your account. This is done so that in the event a third party logs in to your account, you can immediately freeze your account. Additionally, after logging in, you will be able to confirm your login history, including IP address, date, and time.

To prevent unauthorized operations by a third party, you will be logged out in the case that there are no operations performed in a fixed amount of time.

Multi-sig is the latest in Bitcoin security measures designed to ensure that your Bitcoin transactions are safe. Unlike a typical Bitcoin address, multi-sig Bitcoin addresses require two or more separate signatures to send Bitcoin. The number of signatures required is represented as a proportion of the total number of possible signatures - for example, 2 out of 3 means that 2 signatures are required out of 3 possible signatures before Bitcoin can be sent.

Multisig allows for extremely secure wallets, as even if a private key is leaked or hacked, unless all keys required have been compromised, no coins can be released from the wallet. It is extraordinarily difficult for an attacker to penetrate 2 or more highly secure platforms within a short period of time.

Storing one of the required addresses in a location that is not connected to the internet provides an even further level of protection and security.

To protect our customers' funds, almost 100% of bitFlyer owned bitcoins are stored in a cold wallet that is isolated from the network. The cold wallet is protected by several physical locks as well as a robust 24-hour surveillance system.

The source code for the generally available Bitcoin daemon is available to the public, and as such, there is a risk that potential vulnerabilities could be identified and exploited. Due to this, bitFlyer has developed a proprietary Bitcoin daemon to reduce the probability of an attack. In the small chance of any issue with the proprietary daemon, it is possible to cross check the behavior of the bitFlyer daemon with the commonly used daemon (bitcoind), and modify the proprietary daemon immediately as appropriate.

When patches are released to fix a variety of OS issues including security, they will be downloaded and updated automatically. Information regarding the latest patch releases is checked frequently to ensure the most recent security patches are applied.

All customer information is stored in encrypted form.

bitFlyer systems are constantly undergoing checks. As an example, in the case there is even a slight amount of inconsistent data in customer Bitcoin or JPY deposit balances, the system will forcibly shutdown in order to minimize damage. In the small of event of an issue, the system is designed to respond quickly to prevent larger damage.

XSS is an attack technique in which a malicious program is fed to site visitors via a vulnerable website. The below basic and specific measures have been taken to prevent XSS.

A SQL Injection is a method to illegally access or operate the database of a web application. Secret information, data leakage, or tampering of important data or personal information is possible with this type of attack. The below basic and specific measures have been taken to prevent SQL Injection.

CSRF is a type of malicious exploit of a website whereby HTTP requests from an external web page which should be denied are executed on the website. CSRF attacks can cause sites to perform unauthorized processing, illegal or nuisance writes, redirection to unauthorized sites, or DoS attacks due to large amounts of illegal writes. The below basic and specific measures have been taken to prevent CSRF.

Brute force attacks are an attempt to decrypt or decode passwords, encryption, encryption key lists, or other ciphers by attempting to use all possible character combinations.

Dictionary attacks are attempts to use user password candidates prepared in dictionary form in an attempt to gain access to a target website.

Reverse brute force attacks are a variation of the brute force attack. In a normal brute force attack the login ID is fixed, while the attack targets the password. In a reverse brute force attack, the password is fixed while the attack targets the login ID.

Basic and specific measures have been taken to prevent brute force, dictionary, and reverse brute force attacks. Some of these measures are introduced in the Login field.

We do not store customer passwords in plain text form. Passwords are stored in the form of hash strings. Consequently, even if the password hashes are obtained by a third party, it is practically impossible to derive the original password from the hash strings.

A hash string is a random string generated from a customer password via multiple hashing operations with salts. Recovering the original password string from a hash processed via multiple salts would require an astronomical amount of computing time and electricity expenditure, making it virtually impossible.

Access to the terminal and services is controlled based on the connection source by IP address. Only connections from pre-registered IP addresses can access the terminal and services, and access from third parties is restricted.

If illegal operations related to bitFlyer services are detected, alerts will be automatically sent to employees by the self diagnosis system. This allows bitFlyer to be able to react quickly in the small chance of illegal access or operations performed.

A cryptographically secure pseudo random number generator (CSPRNG) satisfies the following 2 conditions:

(1) There is no way to guess the next bit to be generated from the current generated bit sequence with a greater than 50% probability.

(2) Even if the middle of the internal state of CSPRNG is revealed, the past random number sequence can not be reproduced.

The quality of the random numbers is secured with (1). As such, an attack by an attacker who is aware of the middle of the internal state of CSPRNG can be withstood.

By using CSPRNG for generating private keys and digital signatures, these types of attacks can be prevented.

Identity verification by bitFlyer is performed multiple times. Through multiple identity verifications, we endeavor to prevent spoofing attacks of customers by third parties. We appreciate your cooperation in these matters.

As an example, customers cannot change their registered information directly via the website after the corresponding information is confirmed by bitFlyer.

Instead, bitFlyer will proceed to update the requested information after confirming the customer's personal information over the phone.

*As for some items which is related to the login information, identity verification over the phone is required regardless of whether the information is confirmed or not.

Identity verification is also done via cell phone through SMS. SMS Verification is a way of verifying personal identity by sending a unique code to the customer's registered cell phone number. As only one cell phone number is applied to a cell phone terminal, bitFlyer is able to identify the owner of the cell phone and complete identity verification.

• For your security and protection, all wire transactions (including both deposits and cancels) are verified by real people. This system is required to constantly monitor suspicious deposits or withdrawals to ensure your assets are safe. When we receive a request for a deposit cancellation (withdrawal), we ask customers to confirm that the request is genuine by sending a notification e-mail.
• For your security and protection, all Bitcoin send and receive transactions are verified by real people. Before reflecting to a customer account, bitFlyer checks Bitcoin coming in to customer addresses for any suspicious activity. Bitcoin transactions originating from customer accounts are also checked, including the destination address.