Your Assets,

Industry-leading qualified custodian - Cactus Custody™

Always Offline

  • Private keys generated and stored in HSM
  • FIPS 140-2 Level 3+ HSM
  • Private key plaintext not visible to staff

Global Deployment

  • Multi-signature mechanism among data centers
  • Data centers distributed across three continents in politically stable countries

High Standards

  • Deployed in bank vault-level secure data centers
  • Strictly follow ISO27001 and S-SDLC
  • Heterogeneous design of data center devices

Key Security

Mandatory Two-Factor authentication

  • All accounts require two-factor verification when logging in
  • Ukey / SMS Verification Code / Google Authenticator also required
  • All key operations require second verification

High-level encryption measures

  • Website traffic runs entirely over https
  • High-level encryption algorithms used to store sensitive information

Fine-grained authentication mechanism

  • A fine-grained permission design, strict access authentication measures for each interface, and strict isolation between different roles and users
  • Transfer whitelist mechanism

Security Assurance


  • 'Security first' is part of our company's culture, embedded in all aspects of our activities, including surveys of personnel during recruitment, training content for new employees, and customized security requirements for different positions
  • All company employees are required to abide by the security red-line and have established a corresponding reward and punishment system


  • Adopt and deploy a large number of industry-leading security products and tools
  • Developed detailed security design, secure coding, security testing, and security operation and maintenance specifications
  • There are more than 100 rules in place to drive for security best practices


  • The S-SDLC security development process is fully implemented to ensure security is integrated into the product development process, and ensure security is the basic quality attribute of products
  • Refer to IPDRR architecture, monitor the security status of products and services in real time and respond in a timely manner
  • Conduct regular penetration testing activities

Working Together to Ensure
Cyber Security of Blammo

If you find vulnerabilities in our products, or are targeted by a phishing attack using a fake version of our website, please notify Blammo Security Response Center immediately.
You can send an email to Thank you for contributing to helping secure our users' assets!


John Semos

kindly provided security advice to Blammo

Faisal Mehmood

reported a Clickjacking issue


provided abundant materials for Blammo employees' security education activities

Abhishek Karle

provided advice on session management and DMARC RECORD configuration

Indra Juliana

reported an insecure configuration issue of Spring


reported a Dom-based XSS vulnerability

Subscribe to our newsletter

Stay ahead with the latest updates from Blammo

Successfully subscribed, thank you!