Security

We keep your cryptocurrency safe

Industry leading protection for your crypto

The security of your crypto is our top priority

Illustration of shield and key

Deep freeze storage

We store the majority of customer cryptocurrency in “deep freeze” using a multi signature wallet where the keys are generated and stored entirely offline and offsite. The keys are managed entirely by Bitgo Custody, the world's most secure and compliant digital asset custody solution.

Illustration of wallet holding Bitcoin

Hot wallet

A multi-signature hot wallet is used to facilitate instant Bitcoin transactions. Backups of the keys are stored offline in geographically dispersed safety deposit boxes. Three keys are required, with one stored by an external custodian to ensure additional security. The external custodian also enforces velocity limits.

Illustration of wallet holding Bitcoin

Air Gaps

Private keys are stored offline, and offsite, on a machine not connected to the internet or other networks. This significantly reduces the attack surface since physical access is required. The airgap machine is stored in a safe, inside a managed security vault, at an undisclosed offsite location.

Authentication

Illustration of a mobile device and encrypted password with padlock

Two factor authentication

Two-factor Authentication (2FA) is supported to provide another level of authentication and ensure complete peace of mind.

With 2FA enabled, you will add an extra layer of protection to your account: a one-time code that can only be generated on your smartphone.

Passwords

Passwords are stored in hashed form: nobody other than yourself ever has access to your password. We make sure that users use a strong password when they sign up with Luno.

We recommend using Lastpass, Keychain, Keepass or another reputable password manager to generate and keep track of a strong password.

Illustration of person and an encrypted password with padlock
Watermark image of key
Watermark image of phone

Learn more about our security

verified_user

Authorisation

Luno ensures that you authorise any High-risk actions that are performed on your account, such as sending crypto from your account.

fingerprint

Privacy

Your personal and financial information is only stored and processed in cloud services that meet our strict infrastructure security requirements. This information is only collected and shared in accordance with our Privacy Policy.

cloud

Infrastructure

Our infrastructure is hosted on Amazon Web Services, which offers a secure environment for Luno services to ensure the safest possible access control, data encryption, monitoring and isolation.

Our internal networks are protected by firewalls and not exposed to the internet. All internet traffic is also encrypted to the same standard as external services. Our firewall policies are designed to allow minimum permissions for different applications and roles to interact.

All application and database servers are running inside private networks, with isolation between staging and production environments. Public-facing services are made available by dedicated load balancers that only handle HTTPS requests.

security

Organisation Security

All Luno employees are required to use cryptographically-secure Multi-Factor Authentication such as hardware U2F keys to access internal services. Engineers do not have access to application credentials or production servers. All deployments are performed independently by a deployment server.

As part of our hiring process, candidates must pass criminal background checks before becoming a Luno employee.

email

Communication

We keep our members updated in real-time using our Status page, which has the current status of our services, details of any current incident, and information about upcoming scheduled maintenance.

bug_report

Bug Bounty

We work with an active community of security researchers through our Bug Bounty Program to continually improve the security of Luno and our members’ funds.

BSI accredited logo

Luno adheres to the BSI Information Security Standard. Complying to this standard helps us continuously identify risks and manage or eliminate them.

It’s never too late to get started

Buy, store and learn about Bitcoin, Ethereum, XRP and Litecoin now

App store iconGoogle store iconLaptop icon