Our founders, Caeron and Tyler levoss, were early investors in cryptocurrencies struggling to find a platform where they could safely manage their growing portfolio. Out of this frustration and lack of trust, they built MBO to provide the first trusted platform focused on strong security controls and compliance.
Today, every employee at MBO continues our founders' focus on security and compliance to build trust. MBO has established a leading security program focused on developing innovative security solutions to help protect and protect our customers and their assets. We also invest significant resources in keeping our security posture transparent through third-party security assessments, including our SOC2 Type 2, ISO 27001, and annual penetration tests.

Trust is our product, which begins by building and maintaining a secure customer experience. The following provides information about the leading security controls we’ve implemented to secure customer accounts and assets, and mitigate the risk of insider threats.

We build innovative security solutions to better protect our users and their accounts.

✔ Two-Factor Authentication (2FA) is required by default, in order to access your account and make withdrawals.
✔ Support for hardware security keys, like Yubikey, allows for a more secure 2FA experience for account access.
✔ Address whitelisting allows users to restrict cryptocurrency withdrawals to whitelisted cryptocurrency addresses.

MBO has implemented leading security controls designed to mitigate the risk of insider threats.

✔ Multiple signatories are required to transfer cryptocurrency out of our Cold Storage System and perform other sensitive functions.
✔ MBO offices do not contain any private keys. All private keys are stored offsite at high-security data centers.
✔ All employees undergo rigorous background checks and are subject to ongoing screening throughout their employment.
✔ Access to production systems requires use of hardware security keys, which are not susceptible to phishing attacks.
✔ Our CEO and President are unable to individually or jointly transfer cryptocurrency out of our Online “Hot” or Offline “Cold” Storage.

MBO is passionate about building the most secure infrastructure to protect and manage sensitive key material.

✔ The hardware security modules (HSMs) we rely upon have achieved a FIPS 140-2 Level 3 rating or higher.
✔ The multisignature digital signature scheme (multisig) used eliminates single points of failure and improves our resilience against the loss or compromise of any individual private key.
✔ All HSMs are geographically distributed at secure data centers and require coordinated action of multiple employees to operate.

Trust requires transparency, which is why MBO has embraced regulations and third party assessments that demonstrate our commitment to a safe and secure experience.

✔ MBO was the first cryptocurrency exchange and custodian to complete a SOC 1 Type 2 exam, SOC 2 Type 2 exam, and earn an ISO 27001 certification.
✔ We maintain compliance with PCI DSS to protect debit / credit card data.
✔ MBO is subject to security requirements of our global regulators. This includes, but is not limited to, the NY Department of Financial Services (NYDFS), Monetary Authority of Singapore (MAS), and UK Financial Conduct Authority (FCA).
✔ MBO hires independent third parties to perform penetration tests - at least annually - in order to proactively identify and resolve security vulnerabilities.