Ever since Cloudbet launched the first-ever crypto sportsbook and casino in 2013, the security of your funds and information has been our priority.
High-profile stories of hacks and exploits across the crypto industry — including the September 2023 hack of Stake.com — provide great fodder for headlines, but also point to a simple truth: These attacks are preventable outliers that could be stopped with proper protocols in place.
At Cloudbet, we have done everything possible to put proper protocols in place.
Cloudbet’s Security Measures
Cloudbet security is built on a multi-layer system of safeguards underpinned by hot and cold wallet storage, multi-signature approvals, and multi-party computation (MPC), along with various other measures that we use to protect your funds.
Hot and Cold Wallet Storage
When you make a deposit, it is moved directly to offline storage in our Cloudbet cold wallets, regardless of size. Payouts are made from dedicated hot wallets, in which we only keep a small amount of funds. We refill these wallets multiple times a day as required.
This arrangement ensures we always have ample funds for day-to-day withdrawals, while minimizing exposure to potential security threats.
The private keys and recovery codes for all our wallets are kept divided across multiple locations, with multiple, unique approvals needed for access to each wallet.
Multi-Party Computation (MPC)
Our wallet storage system is protected by MPC, a cryptographic protocol that disperses the risk of holding private keys, eliminating a key point of compromise for cryptocurrency wallets.
MPC is a standard that has been around since the 1980s but has only recently been applied to digital asset custodianship. Given its effectiveness, it is rapidly becoming the gold standard by which cryptocurrency operators secure their assets.
With MPC, private keys no longer need to be stored in one single place or a “single point of compromise.” The private keys for Cloudbet wallets are broken up into shares, encrypted, and divided among individuals in our security team.
The team independently computes their part of the private key share they hold to produce a signature without revealing the encryption to others in the team. This means there is never a time when the private key is formed in one place.
Whenever the key is required for a withdrawal, MPC is set in motion to confirm that the Cloudbet security team, or a certain number of individuals out of the full team, approve of the request. In this way, a potential hacker now has a much harder task: To gain control over our wallets, they now need to attack multiple parties simultaneously.
The MPC solution then solves the problem of secure key storage.
Multi-Signature Approvals
We enforce a multi-signature approval system on all of our fund movements, often requiring three or more individuals to sign off on a transaction. The number of approvals (and sometimes re-approvals) depends on the transaction amount, and approvers are required to use 2FA security throughout.
There have been times when these added approvals have caused delays in fund transfers, but we are confident the extra verification is worth it for user safety.
Real-Time Fund Reconciliation
We have installed a security protocol that runs real-time reconciliation of withdrawals with our accounts and shuts down all fund movement in case of unreconciled attempts.
In practice, this means there is an additional circuit breaker on our transactions that stops everything if anything looks out of place.
Bug Bounty Program
We welcome support from the community to rigorously test our security and our systems. We pay generous bounties to individuals who identify shortcomings in our safeguards. In this way, we identify and plug any gaps in our site security before they become a serious issue.
For more information on our Bug Bounty Program, click here.
Your Funds Are Your Funds
Customer funds are kept in dedicated and segregated customer wallets. There is absolutely no commingling of customer funds with funds that Cloudbet uses to fund its own operations.
How You Can Protect Yourself
While we enforce the strictest security measures on our site, we also rigorously encourage all our players to adhere to general Internet best-practice measures to secure their own account. You can help us protect your funds.
Enable 2-Factor Authentication
Protecting your Cloudbet account should start by enabling 2-factor authentication, also known as 2FA. Just head to your account page and open the security page. Under “2-FACTOR AUTHENTICATION” follow the quick steps to enrol. Google security research shows that 99% of all account breaches are prevented with this impactful security feature.
Don’t Get Phished
Be aware of “phishing,” a cyber threat that tries to trick you into revealing your login information to others. Ill-disposed actors might also try to impersonate a representative of Cloudbet in web forums or via email.
Let us be clear: We will never send you any files or links to any files, and we will never ask for your password. If you get any such requests by someone claiming to represent Cloudbet – in any web forum, email, or message service – do not comply: forward the message to [email protected] so we may investigate.
The best protection to not get phished is by verifying that the email sender address is from the @cloudbet.com domain. We will never contact you with any other email address domain, and most customer communications will come from [email protected]. When interacting with the Cloudbet website, make sure it reads cloudbet.com in the browser address bar with a lock symbol: 🔒.
Keep Your Devices Updated
Wherever you sign into Cloudbet, your account is only secure if you install all available updates for the device and your browser. Software updates sometimes seem cumbersome but do contain critical security fixes that you don’t want to miss out on.
Consider “Cold Storage”
For extra security outside of Cloudbet, we suggest using offline, “cold storage” wallets for all personal crypto funds. There are a number of options on the market, so please do your own research and choose the one that is right for you.
Summary
Cloudbet’s commitment to your security is evident in our comprehensive measures, ranging from our cutting-edge Multi-Party Computation (MPC) to robust wallet storage systems and separate account reconciliation circuit breakers. However, your active role in security practices, such as enabling 2-Factor Authentication and staying updated, is equally important.
Your funds are your funds, and we work tirelessly to protect them.