Security at ChainGain

ChainGain is built with security-first principles across every layer—our website, our tools, and our infrastructure.

Website Security (cryptogains.xyz)

• HTTPS Everywhere: All site traffic is encrypted using TLS 1.3.
• Global CDN + DDoS Protection: Fast and safe delivery through Cloudflare or Netlify.
• Static Site Deployment: No backend database = minimal attack surface.
• Immutable App Hosting: Files served read-only (planned via Cloudflare R2).
• Content Security Policy (CSP): Blocks unauthorized scripts and injection attacks.
• Optional SHA256 Checksums: End users can validate downloads with posted hashes.

Alpha_P Vault Security

• Offline-First Architecture: Vault is designed to operate without internet.
• Encrypted Local Storage: Data is secured with AES-256 encryption.
• Manual Export Only: Vault contents can't leave without direct user action.
• Daily iCloud Backups: Automatically encrypted backups (user-optional).
• Tamper Logging: Planned logs of any unauthorized access attempts.

Alpha_P Wallet Security

• Biometric Login: Face ID or fingerprint required to access wallet.
• NFC Scan for Transactions: No crypto moves without a card scan.
• Changeable NFC Card: NFC authorization card can be re-paired anytime.
• Offline Mode: API syncs manually; private keys stay cold.
• WalletConnect Support: Secure dApp connections with ChainGain’s safeguards.
• Manual Gasless HyperLiquid Link: Safe opt-in access—never passive.

Alpha_P Bot Trader Security

• API-Only Exchange Access: No private keys stored, only API permissions.
• Limited Permissions: Trading only, not withdrawals.
• Sandboxed Strategies: Bot logic runs in isolation to limit breach scope.
• GUI Activity Logs: Planned session history for transparency.
• Manual Activation: User approval required to start trading logic.