There are two aspects to our security: the first is technical and the second is about me and Scott personally.
On the technical side, we know that any online service is a potential target, and that’s especially true for anything that deals with money. Criminals attack e-commerce sites and banks, but crypto pools are particularly attractive due to limited regulation and limited options for redress for the victims of cybercrime, especially when the culprits reside in a foreign country. This field is still very new and governments have lagged behind.
We take our responsibility seriously and follow the best practices we’ve learned over decades of software development experience. In addition, we’ve contracted with an AWS-certified consultant to audit our implementations before going live.
Specifically, we’re running on AWS and have segregated the various pieces of our infrastructure into distinct VPCs with minimal connectivity between them. We maintain a strict separation of production and staging environments and follow the principle of least privilege with regard to the administrative accounts used to access them. We prefer automation over human intervention.
In addition to these precautions against skilled hackers, we understand the ever-present threat of brute-force DoS attacks and have placed our service behind Cloudflare in order to defend against this eventuality.
Our Chia wallet will be kept offline except for a regular but randomly scheduled payment process when we sweep funds into our pool members’ accounts. The less time we hold and transact with your XCH, the better.
Finally, Scott and I just don’t have any interest in being slimy sleazeball criminal types. It’s not in our nature and we don’t care to spend our lives feeling like scumbags. Language warning, but if you want to hear it from the horse’s mouth, here you go.
To summarize: Belly Flop Club’s security is based on our technical backgrounds, our sober understanding of risks, and basic decency.