Why your assets are safe with us

Customer safety is our first goal - this is how we approach security.

+3,500,000

users

12

European licences & registrations

7.7k

trusted reviews

Security at Bitpanda


Financial Transparency

Not only are we the leading European crypto investment platform, we are also one of the most regulated. We believe in doing things the right way, not the easy way, which is why we choose to be fully transparent, to acquire licences that see us monitored by multiple financial market authorities, and to have our funds and business practices regularly validated by external parties.

User data protection

Bitpanda only processes your personal data for the purposes permitted according to GDPR. We do not use personal data for automated decision-making, including profiling, and we have several security measures in place to make sure your data is safely stored and processed. Learn more.

Regulations, licences, registrations

The Bitpanda Group diligently follows European laws and regulations. We operate our businesses based on various VASP registrations, as well as MiFID II, E-Money and PSD II licences amongst all our core markets.

Asset protection

We prioritise keeping your assets safe, incorporating multiple security measures to protect them from potential threats. Crypto assets are stored in highly-secure cold storage facilities that are examined by an external auditor. Your assets are yours.

Advanced Encryption

Bitpanda infrastructure and systems are secured with the most modern encryption technologies and supported by our dedicated security teams.

24/7 Coverage

As the markets are open 24/7, so are we. Our Operations, Security and Engineering teams operate on a 24/7 coverage model to respond to any changes within the markets.

Bitpanda customer funds are 100% backed

We continuously undergo internal as well as external reviews by KPMG, one of the most reputable auditors worldwide, to confirm that Bitpanda customer’s assets are covered at all times. If you are a Bitpanda customer, you can request and download the most recent KPMG report here.

Keeping your account secure

Password Management

User passwords are stored using the most trusted and modern hashing algorithms. Nobody can read or decrypt them, including us.

MFA

If activated by the user (highly recommended by Bitpanda) time-based one-time passwords and multi-factor authentication to defend against security threats and additional 2FA in case of user password compromise.

KYC / AML

Robust KYC onboarding and verification procedures, and fully compliant with European regulation.

Account Lock

Users are prompted via email to verify every password reset request and to freeze their account if the request was not initiated by them.

Session Management

Bitpanda allows users to see which browsers and devices they are logged in from to control their account access.

Account monitoring

Important notifications to the user to ensure overview of user account activity.

Platform Security

Infrastructure
safeguards

We have a system of layered technical defences in place to safeguard our platform and to uphold the confidentiality, integrity and availability of our infrastructure. Additionally, we practise secure software development lifecycle in order to build our products

Internal
security
measures

Our internal security teams ensure the day-to-day activities of our colleagues take place in a secure manner as part of a safe and controlled environment. We build and run our insider threat monitoring programme and regularly conduct training exercises to increase awareness of security topics across the organisation.

Continuous
security
assessment

Routine assessments of our security controls and processes through exercises like penetration tests completed by reputable external parties, proactive internal threat hunting, as well as our public Bug Bounty programme ensure that we can prevent potential attacks and minimise risk.

Bitpanda Custody 

Bitpanda Custody is the insured, user-friendly custodial wallet platform for institutional-grade security, automation and management of crypto assets across blockchains and DeFi.

Discover more

  • Is Bitpanda safe?

    We take our users’ safety very seriously. Security is a natural and foundational part of everything we do from developing and deploying code to building and running our platform.

  • Is Bitpanda regulated?

    We operate our businesses based on various VASP registrations, as well as MiFID II, E-Money and PSD II licences amongst all our core markets. The Bitpanda Group diligently follows European law and regulations, and Bitpanda Payments GmbH possesses a payment service provider licence under PSD2, recently becoming an E-Money Institute. Our stringent user verification processes are also fully compliant with AML5.

  • Who owns my assets?

    When you invest with Bitpanda, you do. You are the beneficial owner of your assets (crypto assets and metals) and we hold them in custody, as a trustee. It’s your investment, your assets - we just keep them safe. All assets are held in a highly-secure environment and we as Bitpanda are regularly assessed by an external auditor. As a result, if something goes wrong, you will not be treated as an unsecured creditor and you don’t risk losing your assets. Instead, you assert the right of separation under Austrian law. For Bitpanda Stocks we have implemented a pledge system and all underlyings are held with a licensed custodian for securities (please refer to our prospectus). So whether you want to move it, trade it, invest it or grow it; it’s your investment, your choice.

  • Does Bitpanda really have all client assets (all Crypto assets, BCI, Bitpanda Stocks, ETFs & Commodities and Metals) backed 1:1?

    Yes, all of our customers' assets are physically backed up 1:1 and are stored in a highly secure environment.

  • Do we speculate with client assets at all?

    No, we do not speculate with customers’ assets in any of the asset classes we offer to our customers (crypto assets, BCI, Bitpanda Stocks, ETFs & Commodities and Metals).

  • Bitpanda operates as a trustee - what does that mean for our clients?

    Bitpanda manages client assets as a trustee, the client remains the beneficial owner. But what does that mean?

    Bitpanda holds clients crypto assets as trustee under a legally binding trust agreement with its customers and therefore there is a legally binding separation between our own assets and those of our customers.

    We do not speculate with customers’ assets we hold. 

    Customers have a right to separation and are not treated as unsecured creditors; therefore customers cannot lose their crypto assets in custody.

  • How does ownership of the assets included in the crypto indices work?

    Ownership works just like with other assets. You are acquiring each single asset and not a basket.

  • Do we plan on integrating hardware wallet interoperability?

    Thanks for your suggestion. We are working around the clock to improve our blockchain infrastructure, so our customers have all deposit/withdrawal options they need. Withdrawing or depositing to and from Bitpanda to your Ledger is already possible, by simply using your ERC-20 deposit/withdrawal address. A deeper integration is not planned right now, but we can consider it for the future. Hope this answers your question.

  • What about 99% of BEST being in 3 wallets? Are funds safe?

    We are the safe custodian for our users and our distribution of user funds within these wallets is distributed between our many BEST holders.

    These funds are on Bitpanda wallets, as BEST is our ecosystem token and users benefit most from the loyalty program, when they are holding it on our platform.

  • What does cold wallet storage mean? How does it work?

    Bitpanda holds all assets of customers as a trustee and these are 100% backed by real assets and kept in a highly secure environment (warm and cold wallets). We do not speculate with our clients’ assets and they are never used as collateral.

  • How does this work when Staking is involved?

    With staking, we simply delegate the crypto assets, so the funds are always under our control.

Please note that this is an abbreviated statement for informational purposes only and this statement is not legally binding. For all details regarding the legal customer relationship as well as the trust agreement the respective general terms and conditions apply and please refer to them. Any insolvency procedure in any European jurisdiction is subject to mandatory European and local law and therefore the assessment of the competent insolvency administrator and the competent courts. For this reason, the statements in this information as well as the general terms and conditions are not conclusive and there remains a risk that this legal setup will be qualified differently.