Trust is Our Product

Gemini has operated with a security-first mentality from day one. Our security philosophy adheres to three principles:

Defending against external threats

Protecting against human error

Guarding against misuse of insider access

The majority of your assets are held in our offline, air-gapped Cold Storage system. Only a small portion is held in our online Hot Wallet, which is insured.

Gemini Offline ‘Cold’ Storage

  • We use hardware security modules (HSMs) that have achieved a FIPS 140-2 Level 3 rating or higher.

  • We use a multisignature digital signature scheme (multisig) to eliminate single points of failure and improve our resilience against the loss or compromise of any individual private key.

  • All private keys are generated onboard our HSMs and stored and managed there for their lifetime.

  • All HSMs are geographically distributed and stored in monitored, access-controlled facilities.

  • All HSMs require the coordinated action of multiple employees to operate.

Gemini ‘Hot Wallet’

  • We follow the principle of least privilege by applying tiered, role-based access controls to our production environment. Administrative access requires multi-factor authentication.

Account Security

  • Two-Factor Authentication (2FA) is required when you log in to your account or make crypto withdrawals.

  • We support Hardware Security Keys via WebAuthn so that you can secure your account with the strongest 2FA protection.

  • You can create an Approved Address list that restricts your crypto withdrawals to approved addresses only, or disables all crypto withdrawals from your account.

  • Rate-limiting is applied to certain account operations, such as your login attempts, in order to thwart brute force attacks.

  • We hash and salt your password and use encryption to secure your personal information and other sensitive information, both in transit and at rest.

Compliance and Certifications

Gemini is a New York trust company that undergoes regular bank exams and is subject to the cyber security regulations promulgated by the New York Department of Financial Services. We are the world’s first cryptocurrency exchange and custodian to complete a SOC 1 Type 2 exam, SOC 2 Type 2 exam, and earn an ISO 27001 certification.

Infrastructure Security

  • All of our website data is transmitted over encrypted Transport Layer Security (TLS) connections (i.e., HTTPS).

  • We leverage the Content Security Policy (CSP) and HTTP Strict Transport Security (HSTS) features found in modern browsers.

  • We partner with enterprise vendors to mitigate distributed denial-of-service (DDoS) attacks.

  • Internal-only sections of our website have separate access controls and are not exposed to the public Internet.

Internal Controls

  • Multiple signatories are required to transfer cryptocurrency out of our Cold Storage System.

  • Our CEO (Tyler Winklevoss) and President (Cameron Winklevoss) are unable to individually or jointly transfer cryptocurrency out of our Cold Storage System.

  • Our offices do not store or contain anything of value, including private keys. All private keys are stored offsite and geographically distributed in monitored, access-controlled facilities.

  • All employees undergo criminal and credit background checks and are subject to ongoing background checks throughout their employment.

  • All remote access requires public-key authentication via credentials stored on hardware tokens. Passwords, one-time passwords (OTPs), or other phishable credentials are not permitted.

Questions

If you have questions, would like to provide feedback, or would like more information about Gemini, please submit a request using the email address associated with your Gemini account for expedited service.

Vulnerability Disclosure Policy

At Gemini, we welcome contributions from security researchers. If you believe you have found a security vulnerability that impacts Gemini, we encourage you to contact us immediately. Our team will investigate all legitimate reports and do our best to respond in a timely manner.

To participate in our private bug bounty program or learn more about the terms of our program, including our scope, bounties, or safe harbor guarantee, please email bugbounty@gemini.com.

Our commitment to security researchers is simple: we will not take action against anyone who reports an issue in a responsible manner. We will do our best to reply to you in a timely fashion and periodically update you on our progress with respect to investigating or remediating any issues you may have identified.

Contacting Security

Please send all general security queries to security@gemini.com. To encrypt your communications, please use our PGP public key:
