How FixedFloat keeps your crypto safe

Security at ff-io.io is layered: non-custodial transaction flow, segmented hot-wallet design, cold storage for the bulk of inventory, hardened infrastructure and 24/7 incident response. Here is exactly how the FF platform earns its reputation.

Non-custodial

The FF platform never holds your funds longer than the time it takes to perform the swap. There is no balance to hack — only a handful of transactions in flight.

Segmented hot wallets

One hot wallet per chain, sized to operational need. Compromise of any single hot wallet caps the loss at that chain's working float.

Cold storage majority

The bulk of platform inventory lives in offline cold storage. Hot wallets are rebalanced on a strict schedule with multi-sig approval.

The FF non-custodial model

Most losses of user funds on centralized exchanges happen because customers trust the venue to hold a balance for them, and the venue's security fails. FixedFloat removes this attack surface entirely. Each exchange on ff-io.io is a self-contained transaction: you send asset A from your own wallet, the platform sends back asset B to a wallet you control, and the cycle ends. There is no on-platform account, no balance, no withdrawal queue. If the FF platform were to disappear tomorrow, no user would have funds locked.

Hot-wallet architecture

To pay you out instantly, FixedFloat must hold an inventory on every receive-chain. We organize this inventory into segmented hot wallets: one per chain, signed by chain-specific keys, with a per-wallet balance limited to operational needs. If a Bitcoin hot wallet were ever compromised, the loss would be limited to the Bitcoin float, not the entire platform inventory. Hot-wallet keys are stored in tamper-evident hardware modules and rotated on a schedule.

Cold storage and multi-sig

More than 90% of platform inventory typically lives in cold storage: air-gapped wallets whose keys are stored in geographically distributed hardware. Cold storage is multi-signature: no single individual at FixedFloat can move cold-stored funds. Rebalancing operations from cold to hot are scheduled and require multiple authorisations.

Infrastructure hardening

  • All web traffic served over TLS 1.3 with HSTS preloaded.
  • DDoS protection at the edge with multiple network providers.
  • Static and dynamic application security testing on every release.
  • Audited dependency tree; no unsigned third-party code on the production hot path.
  • 24/7 monitoring with on-call SREs and a published RTO/RPO target.

AML monitoring

Like every reputable crypto venue, FixedFloat runs incoming addresses through industry blockchain analytics. We do not run KYC on standard pairs, but the system can pause an order if a deposit comes from an address known to be linked to sanctioned actors, confirmed darknet markets or proceeds of public hacks. Affected users are contacted by our compliance team via the order chat.

What you can do to stay safe

  • Bookmark ff-io.io and never click suspicious links from social media or email.
  • Confirm the SSL padlock and the domain name before pasting an address.
  • Use a hardware wallet for large amounts.
  • Test with a small amount before sending a large one.
  • Never share your order URL with strangers — it contains the only link to your specific transaction history.

Reporting a vulnerability

FixedFloat operates a responsible disclosure programme. If you discover a security issue, please email security@ff-io.io with a reproducible report. We acknowledge submissions within 24 hours.