The majority of customer Bitcoin funds are kept in what we call “deep freeze” storage. These are multi-signature wallets, with private keys stored in different bank vaults.
No single person ever has access to more than one key. Spending any Bitcoins from deep freeze storage requires a coordinated effort with multiple layers of encryption and security checks. Wallet backups are also stored in encrypted form.
We maintain a multi-signature hot wallet to facilitate instant Bitcoin withdrawals. We control one of the keys and the other is held by the multi-signature custodian leader BitGo.
Splitting control of the keys between two companies makes the wallet much more secure, because an attacker would have to compromise both the Luno and BitGo systems in order to steal the keys.
Passwords are stored in hashed form: nobody other than yourself ever has access to your password. We make sure that users use a strong password when they sign up with Luno.
We recommend using Lastpass, Keychain, Keepass or another reputable password manager to generate and keep track of a strong password.
Two-factor Authentication (2FA) is supported to provide another level of authentication and ensure complete peace of mind.
With 2FA enabled, you will add an extra layer of protection to your account: a one-time code that can only be generated on your smartphone.
All web services and communication happens over SSL-secured (https) channels. Wallets are stored using PGP encryption. No individual has direct access to customer Bitcoin funds and regular auditing — both financial and security auditing — ensures that funds are always safe and fully accounted for.
All our employees pass a background check, receive security training and are required to adhere to the company security policy.
All personally identifiable information, such as ID numbers, names and identity document scans, are encrypted and securely stored. Access to this information is logged and strictly controlled on a need-to-know basis.
For more information on this, see our