Security & Privacy

How secure is Lending/Borrowing on Lend at Hodl Hodl?

The main priority of Lend at Hodl Hodl is to keep your funds and data safe.

Lend at Hodl Hodl does not process any private information; therefore, there is no need to worry about your data. To start Lending or Borrowing on our Platform, you only need to provide a valid email address and create a password.

Lend at Hodl Hodl does not have any access to your funds. During a Contract, the Bitcoins are locked in multisig escrow, which requires 2 (out of 3) keys to release the funds, which means that no transaction can happen without the signature of two of the Contract's parties, therefore even if something happens to the Platform, your Bitcoin remains in the multisig storage.

Are you holding my funds?

No, we are not holding your funds. We only hold one out of the three keys to the multisig escrow to be able to arbitrate in case of any disagreements between the Lender and the Borrower.

What is Two-factor authentication (2FA)?

Two-factor authentication (2FA) is an advanced level of security for your account. For security reasons, Lend at Hodl Hodl requires you to have a 2FA enabled before engaging in any contracts. When enabled, it requires you to enter a 6-digit code every time you log into your account, complete a deposit, withdrawal, or payment within your Contract. In order to use it, Lend at Hodl Hodl requires you to have a device with a 2FA application installed. We advise you to use Authy or Google Authenticator.

How do I turn on Two-factor authentication for my Hodl Hodl account?

The 2FA can be enabled in the Accounts services. Go to the "Two-factor authentication" tab on your "Account settings" page and follow the instructions.

What can I do if I lost the Two-factor authentication code generator?

You can use one of your backup codes that you have been asked to save when setting up Two-factor authentication initially.

Otherwise, you can contact the support of the application you were using.

The administrators of Lend at Hodl Hodl have no right to reset your 2FA or assist you in any other way.

The site says my 2FA password is wrong. What should I do?

Invalid tokens are sometimes caused by incorrect device clock settings. Your clock must show the correct local time, date and time zone to work properly. Phones must be set to use internet time to make sure the clock is synced properly. If you do not wish to sync your clock, Android and Windows phones have an option to correct for time errors inside the Authenticator app properties.

What are Trusted Devices?

Trusted Devices is an advanced level of security for your account. When it's enabled, you're only allowed to log in from trusted devices, and every time you try to log in from a new device, you are required to confirm it through email before being able to log in. To enable this functionality go to the "Profile" tab in your "Account settings" and mark the checkbox "Trusted devices only".

How does the "Trusted Devices" feature work?

After turning on this security feature, every time a new device attempts to access your account, you'll immediately be sent an email containing a unique code, which you'll have to enter on Lend at Hodl Hodl in order to access your account from the new device. Otherwise, you will not be able to log in.

If the device has already been confirmed, you do not need to verify it again. Also, after you have entered the code, you will have an option not to remember the device. Therefore, next time you log in from that device, you must confirm it again.