Security at EATOP

Trust, engineered into every layer.

EATOP safeguards billions in customer assets with institutional-grade security, regulated operations across the EU, and protection tools that put control back in your hands.

Open a secure account Explore our security

€18B+

Assets under custody

1:1

Customer reserves, always

98%

Held in offline cold storage

Customer-asset losses to date

Six pillars of protection

Built like a bank. Operated like a security company.

Multi-region cold storage

98% of customer assets are stored offline in geographically distributed, HSM-protected vaults with strict multi-party access controls.

1:1 reserves, on-chain proof

Every euro and every coin you hold is backed 1:1. We publish Merkle-tree proof-of-reserves attestations verified by independent auditors.

Defense-in-depth infrastructure

Hardware-isolated environments, FIPS-validated key management, signed deployments, and continuous adversarial testing protect every layer.

24/7 SOC monitoring

A global security operations center watches every transaction in real time, using anomaly detection trained on a decade of market data.

Regulated where it matters

Licensed under the EU's MiCAR framework with country-level registrations across Europe. Full segregation of customer and corporate assets.

Insurance & risk reserves

A dedicated insurance fund and capital reserve cover extraordinary platform-side incidents so your assets stay yours.

Proof of reserves

Every coin, fully backed. Verified on-chain.

EATOP publishes a cryptographic Merkle-tree proof-of-reserves report each month. Verify your own balance is included — no trust required.

Monthly third-party attestations
Customer-verifiable Merkle proofs
Customer assets segregated from corporate funds
Real-time wallet addresses published for the top 20 assets

View latest attestation

Reserves ratio

102.4%

BTC103.1%

ETH101.8%

USDT100.7%

EUR100.0%

Last attestation: independently verified · 1 Jun 2026

Account protection

The most powerful security tools, on by default.

Hardware-key 2FA

FIDO2 security keys and authenticator apps. SMS is deprecated by default.

Withdrawal address whitelist

Lock outgoing transfers to addresses you've pre-approved, with time-delay protection.

Biometric device pairing

Trusted-device sessions secured with passkeys and on-device biometrics.

Anti-phishing code

A unique code in every EATOP email so you can verify it's really from us.

Compliance & certifications

Audited, certified, and held to the highest standards.

EATOP undergoes continuous third-party audits and maintains certifications across operational security, information security, and financial reporting.

SOC 2 Type II

ISO 27001

ISO 27017

PCI DSS Level 1

MiCAR (EU)

GDPR

Bug bounty

Help us stay one step ahead.

Earn up to €250,000 per qualifying vulnerability. We triage every submission within 48 hours and credit researchers in our public hall of fame.

Submit a report

€250k

Max payout

< 48h

Triage SLA

1,200+

Researchers paid

Top 1%

HackerOne ranked

Need help with your account? Visit Support