Don’t invest unless you’re prepared to lose all the money you invest. This is a high-risk investment and you should not expect to be protected if something goes wrong. Take 2 mins to learn more.
Don’t invest unless you’re prepared to lose all the money you invest. This is a high-risk investment and you should not expect to be protected if something goes wrong. Take 2 mins to learn more.
Don’t invest unless you’re prepared to lose all the money you invest. This is a high-risk investment and you should not expect to be protected if something goes wrong. Take 2 mins to learn more.
Our security measures
Built to minimise the risk of bad actors
Committed to your safety
Layered security
Your assets are kept in offline storage systems that use multisignature technology, role-based governance protocols, and multiple layers of biometric access controls.
Industry-leading transparency
Luno publishes monthly Proof of Reserves via Moore Audit, with added Merkel Tree technology so you can always verify your crypto is where it’s supposed to be.
Fully certified
Our systems and processes undergo regular audits and are certified to meet international standards, including ISO/IEC 27001:2022, ISO/IEC 27701:2019, and ISO 22301:2019.
Privacy first
Your personal and financial information is only stored and processed in cloud services that meet our strict infrastructure security requirements.
Stay in the know
We keep our members updated in real-time of any incidents using our Status page, which has the current status of our services, details of any current incident, and information about upcoming scheduled maintenance.
Stay in the know
We keep our members updated in real-time of any incidents using our Status page, which has the current status of our services, details of any current incident, and information about upcoming scheduled maintenance.
Stay in the know
We keep our members updated in real-time of any incidents using our Status page, which has the current status of our services, details of any current incident, and information about upcoming scheduled maintenance.
Defending your crypto against bad actors
*Luno takes a wide variety of preventative measures to defend your crypto against threats, but there is still a risk of scams, hacks, loss of private keys and other financial crimes. Luno will never ask for your password, will never provide financial advice, and will never ask you to transfer funds to an external wallet.
Authorisation
Luno ensures that you first authorise any high-risk actions that are performed on your account, such as sending crypto.
Authorisation
Luno ensures that you first authorise any high-risk actions that are performed on your account, such as sending crypto.
Authorisation
Luno ensures that you first authorise any high-risk actions that are performed on your account, such as sending crypto.
Deep freeze storage
The majority of customer cryptocurrency is stored offline and offsite in "deep freeze", which is managed by Bitgo Custody and Fireblocks.
Deep freeze storage
The majority of customer cryptocurrency is stored offline and offsite in "deep freeze", which is managed by Bitgo Custody and Fireblocks.
Deep freeze storage
The majority of customer cryptocurrency is stored offline and offsite in "deep freeze", which is managed by Bitgo Custody and Fireblocks.
Hot wallets
Multi-signature hot wallets are used to facilitate near-instant transactions. Backups of the keys are stored offline in geographically-dispersed safety deposit boxes. Three keys are required, with one stored by an external custodian to ensure additional security.
Hot wallets
Multi-signature hot wallets are used to facilitate near-instant transactions. Backups of the keys are stored offline in geographically-dispersed safety deposit boxes. Three keys are required, with one stored by an external custodian to ensure additional security.
Hot wallets
Multi-signature hot wallets are used to facilitate near-instant transactions. Backups of the keys are stored offline in geographically-dispersed safety deposit boxes. Three keys are required, with one stored by an external custodian to ensure additional security.
Air gaps
Private keys are stored offline, and offsite, on a machine not connected to the internet or other networks. The air gap machine is stored in a safe, inside a managed security vault, at an undisclosed offsite location.
Air gaps
Private keys are stored offline, and offsite, on a machine not connected to the internet or other networks. The air gap machine is stored in a safe, inside a managed security vault, at an undisclosed offsite location.
Air gaps
Private keys are stored offline, and offsite, on a machine not connected to the internet or other networks. The air gap machine is stored in a safe, inside a managed security vault, at an undisclosed offsite location.
Two-factor authentication
Two-factor Authentication (2FA) is supported and provides another level of authentication and confirmation for your account, by generating a one-time code that can only be accessed on your smartphone.
Two-factor authentication
Two-factor Authentication (2FA) is supported and provides another level of authentication and confirmation for your account, by generating a one-time code that can only be accessed on your smartphone.
Two-factor authentication
Two-factor Authentication (2FA) is supported and provides another level of authentication and confirmation for your account, by generating a one-time code that can only be accessed on your smartphone.
Infrastructure
Our infrastructure is hosted on Amazon Web Services, with the goal of offering a safeguarded environment for Luno services to provide a dependable control, data encryption, monitoring and isolation.
Infrastructure
Our infrastructure is hosted on Amazon Web Services, with the goal of offering a safeguarded environment for Luno services to provide a dependable control, data encryption, monitoring and isolation.
Infrastructure
Our infrastructure is hosted on Amazon Web Services, with the goal of offering a safeguarded environment for Luno services to provide a dependable control, data encryption, monitoring and isolation.
Firewalls
Access to our internal processes is enforced through firewalls and are not exposed to the internet. Our firewall policies are designed to allow minimum permissions for different applications and roles to interact. All application and database servers are running inside private networks, with isolation between staging and production environments. Public-facing services are made available by dedicated load balancers that only handle HTTPS requests.
Firewalls
Access to our internal processes is enforced through firewalls and are not exposed to the internet. Our firewall policies are designed to allow minimum permissions for different applications and roles to interact. All application and database servers are running inside private networks, with isolation between staging and production environments. Public-facing services are made available by dedicated load balancers that only handle HTTPS requests.
Firewalls
Access to our internal processes is enforced through firewalls and are not exposed to the internet. Our firewall policies are designed to allow minimum permissions for different applications and roles to interact. All application and database servers are running inside private networks, with isolation between staging and production environments. Public-facing services are made available by dedicated load balancers that only handle HTTPS requests.
Organisational security
All Luno employees are required to use cryptographically-secure Multi-Factor Authentication such as hardware U2F keys to access internal services. Engineers do not have access to application credentials or production servers. All deployments are performed independently by a deployment server. As part of our hiring process, candidates must pass criminal background checks before becoming a Luno employee.
Organisational security
All Luno employees are required to use cryptographically-secure Multi-Factor Authentication such as hardware U2F keys to access internal services. Engineers do not have access to application credentials or production servers. All deployments are performed independently by a deployment server. As part of our hiring process, candidates must pass criminal background checks before becoming a Luno employee.
Organisational security
All Luno employees are required to use cryptographically-secure Multi-Factor Authentication such as hardware U2F keys to access internal services. Engineers do not have access to application credentials or production servers. All deployments are performed independently by a deployment server. As part of our hiring process, candidates must pass criminal background checks before becoming a Luno employee.
Bug bounty
Bug bounty
Bug bounty
We work with an active community of security researchers through our Bug Bounty Program to continually improve the security of Luno and our members' funds.
Start investing today
Your Luno app makes investing straightforward, with a clear and intuitive app experience we know you’ll love.
Start investing today
Your Luno app makes investing straightforward, with a clear and intuitive app experience we know you’ll love.
Start investing today
Your Luno app makes investing straightforward, with a clear and intuitive app experience we know you’ll love.