Wallet tiers
Hot / warm / cold
Custody boundaries are explained publicly so users know which controls protect liquidity and reserves.
Custody boundaries, MFA expectations, session protection, recovery flow, and incident channels are visible in plain language.
MFA controls
Authenticator-based second factors and step-up checks are treated as baseline expectations, not optional extras.
Session defense
New-device, suspicious-location, and recovery-triggered sessions can lock sensitive actions before funds move.
Good security pages explain user safeguards, wallet discipline, and incident expectations in plain language before pressure arrives.
Incident channel
Status, support, and operator lanes are linked so incidents can be communicated without confusion or leakage.
Users can understand wallet boundaries, account defenses, and incident communication without reading vague security marketing.
Control domain
Hot, warm, and cold wallets must be separated with explicit top-up rules, approval flows, and exposure limits.
Tier boundaries + approvals + exposure ceilings
Control domain
Authenticator-based MFA, device trust, suspicious session detection, and withdrawal confirmations are baseline controls.
MFA + device trust + withdrawal verification
Control domain
WAF, DDoS mitigation, least-privilege production access, secrets rotation, and immutable audit logs belong in the first release.
WAF + secrets rotation + least privilege
01
Recovery path
New devices, risky networks, and abnormal geography should trigger more friction before the exchange trusts the session.
02
Recovery path
Password resets, new withdrawal destinations, and suspicious sign-ins should temporarily slow fund movement while evidence catches up.
03
Recovery path
Recovery should preserve identity verification and support oversight instead of falling into an untraceable manual backchannel.
Withdrawal cooldown after password reset.
Cooldown after adding a new withdrawal address.
Manual review for large or anomalous withdrawals.
Trusted-device or step-up verification for risky sessions.
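The four withdrawal controls listed above can be combined into one gate, sketched here as an added example that is not the exchange's own code. The 24-hour cooldowns, the review thresholds, and all field and reason names are assumptions, since the page names the controls but gives no values.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Assumed values: the page names these controls but gives no durations or limits.
RESET_COOLDOWN = timedelta(hours=24)
NEW_ADDRESS_COOLDOWN = timedelta(hours=24)
REVIEW_AMOUNT = 10_000.0   # absolute ceiling before manual review
ANOMALY_MULTIPLE = 5.0     # multiple of the account's typical withdrawal

@dataclass
class WithdrawalRequest:      # hypothetical shape, constructed for this example
    amount: float
    typical_amount: float
    requested_at: datetime
    address_added_at: datetime
    last_password_reset: Optional[datetime]
    risky_session: bool       # new device, risky network or abnormal geography
    trusted_device: bool
    step_up_passed: bool

def evaluate(req: WithdrawalRequest) -> Tuple[str, List[str]]:
    """Return (decision, reasons); every triggered control is kept for the audit log."""
    cooldown, step_up, review = [], [], []
    reset = req.last_password_reset
    if reset is not None and req.requested_at - reset < RESET_COOLDOWN:
        cooldown.append("password_reset_cooldown")
    if req.requested_at - req.address_added_at < NEW_ADDRESS_COOLDOWN:
        cooldown.append("new_address_cooldown")
    if req.risky_session and not (req.trusted_device or req.step_up_passed):
        step_up.append("risky_session_unverified")
    if req.amount >= REVIEW_AMOUNT or req.amount > ANOMALY_MULTIPLE * req.typical_amount:
        review.append("large_or_anomalous_amount")
    reasons = cooldown + step_up + review
    # Time-based holds are checked first so a passed step-up cannot shorten them.
    if cooldown:
        return "COOLDOWN", reasons
    if step_up:
        return "STEP_UP", reasons
    if review:
        return "MANUAL_REVIEW", reasons
    return "ALLOW", reasons

if __name__ == "__main__":
    now = datetime(2024, 1, 10, 12, 0)  # constructed sample request
    req = WithdrawalRequest(250.0, 200.0, now, now - timedelta(days=30),
                            now - timedelta(hours=2), True, False, True)
    print(evaluate(req))
```

Returning every triggered reason, not only the one that decided the outcome, gives manual review and the audit log the full picture of the request.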
Incident path
Trust lane
Material degradation, maintenance, and customer-facing incidents should publish here first in controlled language.
Incident path
App lane
MFA, device trust, session history, and recovery steps stay close to the customer account surface.
Incident path
Control lane
Treasury incidents, account-takeover waves, and suspicious activity escalation move into operations.
Account takeover and credential stuffing wave.
Hot wallet compromise attempt or unauthorized treasury movement.
Banking or payment-partner outage affecting fiat deposits or withdrawals.
Chain congestion that forces controlled withdrawal delays.
Privacy incident or large-scale data exposure event.