Due to the recent hacker attacks on Binance and other exchanges we want to explain how we will secure users assets.

• Each transaction to an internal account (top up) or from an internal account (withdraw) must be signed by ETH private key. It will prove that only the owner can process this demand.
• We add IP whitelist for bots working via API.
• We will use secure oracle services for blockchain, it will allow tracking any incoming or outcoming transaction.
• A deposit from the external blockchain can only be done from by a specified user address and withdraw operation will be processed only on the same address. Specified deposit-withdraw addresses cannot be changed after binding.
• Each isolated oracle service will spread users assets on HMW structure.
• Each transaction on HMW structure can be declined and reverted during a secure period. Newbies, users with a high-risk rating, won’t be able to withdraw without a holding period, a secure time for rechecking legal ability for this procedure.
• 10-25% of fees from ESCB exchange will be used for an all risks-fund as it was described in our White Paper.
• API keys can be regenerated and it will block all operations via API. For authorization user must receive temporary API-token, this will not be related to the API secret. Each request for invocation of a private method must be signed by HMAC SHA256.
• To avoid DDOS attack we will implement a rate-limit shield. It will protect from flood requests from one IP address for unauthorized users and will also help to detect abnormal behavior from an internal account, which will be suspended if this is the case.
• We implement our own analytics system for web and mobiles clients, this will allow to us detect suspicious behavior on the client's side (web, desktop, mobile clients)