NYXANCE

Security

Security is not a feature — it is the foundation of everything we build. NYXANCE employs a multi-layered security architecture to protect user funds and data.

Security Architecture

Infrastructure

  • SSL/TLS encryption for all connections
  • DDoS protection via Cloudflare
  • Web Application Firewall (WAF)
  • Rate limiting on all API endpoints
  • Geo-distributed infrastructure

Account Security

  • Two-Factor Authentication (2FA)
  • Withdrawal address whitelist
  • Email confirmation for withdrawals
  • Session management & device tracking
  • Anti-phishing code support

Asset Security

  • Cold wallet storage (95%+ of funds)
  • Multi-signature withdrawal authorization
  • Hardware Security Module (HSM) key management
  • Time-locked withdrawal processing
  • Proof of Reserves verification

Penetration Testing

Regular third-party penetration testing is conducted by independent security firms. Our platform undergoes comprehensive security assessments including network penetration testing, application security testing, and smart contract audits.

Incident Response

Our security operations center operates 24/7 with automated alerting systems. We maintain a comprehensive incident response plan with defined escalation procedures, ensuring rapid detection and resolution of any security events.

Bug Bounty Program

We believe the security community plays a vital role in keeping NYXANCE safe. We reward responsible disclosure of security vulnerabilities with competitive bounties.

Critical
$5,000 — $50,000

Remote code execution, fund theft, authentication bypass, smart contract vulnerabilities allowing fund drainage

High
$1,000 — $5,000

Privilege escalation, significant data leakage, order manipulation, API key exposure

Medium
$250 — $1,000

Cross-site scripting (XSS), CSRF, information disclosure, rate limiting bypass

Low
$50 — $250

Minor information disclosure, best practice violations, UI-level issues with security implications

Scope

In Scope
  • Web application (nyxance.com)
  • REST & WebSocket API
  • Smart contracts
  • Authentication system
  • Trading engine

Out of Scope
  • Social engineering attacks
  • Denial of Service (DoS/DDoS)
  • Physical security attacks
  • Third-party services
  • Spam or phishing

Rules of Engagement

  1. Practice responsible disclosure — report vulnerabilities before making them public
  2. Do not access, modify, or delete data belonging to other users
  3. Do not perform social engineering attacks against NYXANCE employees or users
  4. Do not perform DoS or DDoS testing against our infrastructure
  5. Provide detailed reproduction steps in your report
  6. Allow reasonable time for remediation before public disclosure
  7. Only test against your own accounts

Report a Vulnerability

PGP: PGP public key available on request for encrypted communications
SLA: Initial response within 24 hours, triage within 72 hours

Systems Operational

All NYXANCE systems are monitored 24/7 with automated alerting. Our security operations center maintains continuous oversight of all platform components, network traffic, and user activity patterns to detect and respond to threats in real time.