How we keep your crypto safe
Optimal protection for your assets
Committed to your safety
Layered security
Your assets are kept safe in offline storage systems that use multisignature technology, role-based governance protocols, and multiple layers of biometric access controls.
Industry-leading transparency
Luno publishes monthly Proof of Reserves via Moore Audit, with added Merkel Tree technology so you can always make sure your crypto is exactly where it’s supposed to be.
Fully certified
Our systems and processes undergo regular audits and are certified to meet international standards, including ISO/IEC 27001:2022, ISO/IEC 27701:2019, and ISO 22301:2019.
Privacy first
Your personal and financial information is only stored and processed in cloud services that meet our strict infrastructure security requirements.
Stay in the know
We keep our members updated in real-time of any incidents using our Status page, which has the current status of our services, details of any current incident, and information about upcoming scheduled maintenance.
Stay in the know
We keep our members updated in real-time of any incidents using our Status page, which has the current status of our services, details of any current incident, and information about upcoming scheduled maintenance.
Stay in the know
We keep our members updated in real-time of any incidents using our Status page, which has the current status of our services, details of any current incident, and information about upcoming scheduled maintenance.
Keeping you and your crypto secure
Authorisation
Luno ensures that you first authorise any high-risk actions that are performed on your account, such as sending crypto.
Authorisation
Luno ensures that you first authorise any high-risk actions that are performed on your account, such as sending crypto.
Authorisation
Luno ensures that you first authorise any high-risk actions that are performed on your account, such as sending crypto.
Deep freeze storage
The majority of customer cryptocurrency is stored security offline and offsite in "deep freeze", which is managed by Bitgo Custody and Fireblocks, two of the world's most secure and compliant digital asset custody solutions.
Deep freeze storage
The majority of customer cryptocurrency is stored security offline and offsite in "deep freeze", which is managed by Bitgo Custody and Fireblocks, two of the world's most secure and compliant digital asset custody solutions.
Deep freeze storage
The majority of customer cryptocurrency is stored security offline and offsite in "deep freeze", which is managed by Bitgo Custody and Fireblocks, two of the world's most secure and compliant digital asset custody solutions.
Hot wallets
Multi-signature hot wallets are used to facilitate instant transactions. Backups of the keys are stored offline in geographically-dispersed safety deposit boxes. Three keys are required, with one stored by an external custodian to ensure additional security.
Hot wallets
Multi-signature hot wallets are used to facilitate instant transactions. Backups of the keys are stored offline in geographically-dispersed safety deposit boxes. Three keys are required, with one stored by an external custodian to ensure additional security.
Hot wallets
Multi-signature hot wallets are used to facilitate instant transactions. Backups of the keys are stored offline in geographically-dispersed safety deposit boxes. Three keys are required, with one stored by an external custodian to ensure additional security.
Air gaps
Private keys are stored offline, and offsite, on a machine not connected to the internet or other networks. The air gap machine is stored in a safe, inside a managed security vault, at an undisclosed offsite location.
Air gaps
Private keys are stored offline, and offsite, on a machine not connected to the internet or other networks. The air gap machine is stored in a safe, inside a managed security vault, at an undisclosed offsite location.
Air gaps
Private keys are stored offline, and offsite, on a machine not connected to the internet or other networks. The air gap machine is stored in a safe, inside a managed security vault, at an undisclosed offsite location.
Two-factor authentication
Two-factor Authentication (2FA) is supported and provides another level of authentication and protection for your account, by generating a one-time code that can only be accessed on your smartphone.
Two-factor authentication
Two-factor Authentication (2FA) is supported and provides another level of authentication and protection for your account, by generating a one-time code that can only be accessed on your smartphone.
Two-factor authentication
Two-factor Authentication (2FA) is supported and provides another level of authentication and protection for your account, by generating a one-time code that can only be accessed on your smartphone.
Infrastructure
Our infrastructure is hosted on Amazon Web Services, which offers a secure environment for Luno services to ensure the safest possible access control, data encryption, monitoring and isolation.
Infrastructure
Our infrastructure is hosted on Amazon Web Services, which offers a secure environment for Luno services to ensure the safest possible access control, data encryption, monitoring and isolation.
Infrastructure
Our infrastructure is hosted on Amazon Web Services, which offers a secure environment for Luno services to ensure the safest possible access control, data encryption, monitoring and isolation.
Firewalls
Our internal networks are protected by firewalls and not exposed to the internet. All internet traffic is also encrypted to the same standard as external services. Our firewall policies are designed to allow minimum permissions for different applications and roles to interact. All application and database servers are running inside private networks, with isolation between staging and production environments. Public-facing services are made available by dedicated load balancers that only handle HTTPS requests.
Firewalls
Our internal networks are protected by firewalls and not exposed to the internet. All internet traffic is also encrypted to the same standard as external services. Our firewall policies are designed to allow minimum permissions for different applications and roles to interact. All application and database servers are running inside private networks, with isolation between staging and production environments. Public-facing services are made available by dedicated load balancers that only handle HTTPS requests.
Firewalls
Our internal networks are protected by firewalls and not exposed to the internet. All internet traffic is also encrypted to the same standard as external services. Our firewall policies are designed to allow minimum permissions for different applications and roles to interact. All application and database servers are running inside private networks, with isolation between staging and production environments. Public-facing services are made available by dedicated load balancers that only handle HTTPS requests.
Organisational security
All Luno employees are required to use cryptographically-secure Multi-Factor Authentication such as hardware U2F keys to access internal services. Engineers do not have access to application credentials or production servers. All deployments are performed independently by a deployment server. As part of our hiring process, candidates must pass criminal background checks before becoming a Luno employee.
Organisational security
All Luno employees are required to use cryptographically-secure Multi-Factor Authentication such as hardware U2F keys to access internal services. Engineers do not have access to application credentials or production servers. All deployments are performed independently by a deployment server. As part of our hiring process, candidates must pass criminal background checks before becoming a Luno employee.
Organisational security
All Luno employees are required to use cryptographically-secure Multi-Factor Authentication such as hardware U2F keys to access internal services. Engineers do not have access to application credentials or production servers. All deployments are performed independently by a deployment server. As part of our hiring process, candidates must pass criminal background checks before becoming a Luno employee.
Bug bounty
Bug bounty
Bug bounty
We work with an active community of security researchers through our Bug Bounty Program to continually improve the security of Luno and our members' funds.
Start investing today
Your Luno app makes investing straightforward, with a clear and intuitive app experience we know you’ll love.
Start investing today
Your Luno app makes investing straightforward, with a clear and intuitive app experience we know you’ll love.
Start investing today
Your Luno app makes investing straightforward, with a clear and intuitive app experience we know you’ll love.