us. If you have questions, would like to provide feedback, or would like more information about Gemini, please submit a request through this form using the address associated with your Gemini account for expedited service. - Call Customer Support at
Us
Will Gemini ever call me?
us
Is Gemini available on social media?
How can I apply to work at Gemini?
Brand material usage
I have a suggestion for a new feature or feedback regarding an existing feature
Trust is Our
Product
Gemini has operated with a security-first mentality from day one. Our security loso adheres to three principles.
Defending against external threats
Defending against external threats
Protecting against human error
Protecting against human error
Guarding against misuse of insider access
Guarding against misuse of insider access
Asset Security
The majority of your assets are held in our off-gapped Cold Storage system. Only a small portion is held in our onWallet, which is insured.
Gemini Offrc;€˜Cold’ Storage
We use hardware security modules (HSMs) that have achieved a FIPS 140-2 Level 3 rating or higher.
All private keys are generated onboard our HSMs and stored and managed there for their lifetime.
We use a multisignature digital signature scheme (multisig) to eliminate single points of failure and improve our resilience against the loss or compromise of any individual private key.
All HSMs are geogracally distributed and stored in monitored, access-controlled facilities.
All HSMs require the coordinated action of multiple employees to operate.
Gemini ‘Hot Wallet’
We use hardware security modules (HSMs) that have achieved a FIPS 140-2 Level 3 rating or higher.
We follow the principle of least-privilege by applying tiered, role-based access-controls to our production environment. Administrative access requires multi-factor authentication.
Account Security
Two-Factor Authentication (2FA) is required for logging in to your account and making crypto withdrawals.
We support Hardware Security Keys via WebAuthn so that you can secure your account with the strongest 2FA protection.
You can create an Approved Address list that restricts your crypto withdrawals to approved addresses only or disables all crypto withdrawals from your account.
Rate-limiting is applied to certain account operations, such as your login attempts, in order to thwart brute force attacks.
We hash and salt your password and use encryption to secure your personal information and other sensitive information, both in transit and at rest.
Compliance and Certifications
Gemini is a New York trust company that undergoes regular bank exams and is subject to the cyber security regulations promulgated by the New York Department of Financial Services. We are the world’s first cryptocurrency exchange and custodian to successfully complete a SOC 1 Type 1 exam, SOC 2 Type 2 exam, and earn a ISO 27001 certification.
Infrastructure Security
All of our website data is transmitted over encrypted Transport Layer Security (TLS) connections (i.e., HTTPS).
We leverage the content-security policy (CSP) and HTTP Strict Transport Security (HSTS) features found in modern browsers.
We partner with enterprise vendors to mitigate against distributed denial-of-service (DDoS) attacks.
Internal-only sections of our website have separate access controls and are not exposed to the public Internet.
Internal Controls
Multiple signatories are required to transfer cryptocurrency out of our Cold Storage System.
Our CEO (Tyler Winklevoss) and President (Cameron Winklevoss) are unable to individually or jointly transfer cryptocurrency out of our Cold Storage System.
Our offices do not store or contain anything of value, including private keys. All private keys are stored offsite and geogracally distributed in monitored, access-controlled facilities.
All employees undergo criminal and credit background checks and are subject to ongoing background checks throughout their employment.
All remote-access requires public-key authentication via credentials stored on hardware tokens — passwords, one-time passwords (OTPs), or other shable credentials are not permitted.
Questions
If you have any questions or concerns about your account — or believe there has been an unauthorized login attempt and/or transaction that you do not recognize — please our Customer Support Team at or call +1 (toll-free in the USA).
/p>
Reporting Security Issues
If you believe you have identified a security vulnerability on our platform, we would like to hear from you. Please our Security Team at . To encrypt your communications, please use our PGP public key:
Signup today to claim your Discount. Get Started before it's too late!
