How We Keep Your ZYM Balance Safe

January 2025 3 min read Security

In the world of cryptocurrency, security is not a feature. It is the foundation everything else is built on. A mining platform can have the best user experience, the most generous rewards, and the most ambitious roadmap, but none of it matters if users cannot trust that their balances are secure.

At Zyntex, security is embedded into every layer of our architecture. This article provides a transparent, detailed look at the measures we use to protect your ZYM balance, your personal data, and the integrity of the mining ecosystem.

Authentication: Your First Line of Defense

Account access begins with authentication, and we take a multi-layered approach to ensure that only you can access your account.

Phone Number Verification with OTP

When you create a Zyntex account, your phone number is verified through a one-time password sent via SMS. This OTP must be entered within a short time window to confirm your identity. Unlike email-based verification, phone-based OTP is tied to a physical device that you control, making it significantly harder for attackers to hijack your account remotely.

Every time you log in from a new device, the OTP process is repeated. This means that even if someone obtained your login credentials, they would still need physical access to your phone to complete authentication.

Session Management

Active sessions are monitored and managed server-side. If suspicious activity is detected, such as simultaneous logins from different geographic locations, sessions can be automatically invalidated. You can also manually log out of all devices from within the app if you suspect your account has been compromised.

Security tip: Never share your OTP code with anyone, even if they claim to be from Zyntex support. Our team will never ask for your verification code. If someone contacts you requesting this information, it is a scam.

Data Protection: Encryption at Every Level

Your data is encrypted both in transit and at rest. Here is what that means in practice.

Transport Layer Security

All communication between the Zyntex app and our servers uses TLS encryption. This is the same standard used by banks and financial institutions to protect data as it travels over the internet. It prevents eavesdroppers from intercepting your data, even if you are using a public Wi-Fi network.

Database Encryption

User data stored in our database is encrypted at rest using industry-standard encryption algorithms. This means that even in the extremely unlikely event of a database breach, the raw data would be unreadable without the encryption keys, which are stored separately in a hardware security module.

Minimal Data Collection

We follow the principle of data minimization. We only collect the information that is strictly necessary to provide our services. We do not store your full government ID after KYC verification is complete. We do not track your location beyond what is needed for fraud detection. And we never sell or share your personal data with third parties for marketing purposes.

Firebase Security Rules: Protecting the Database

Zyntex is built on Firebase, Google's cloud platform for mobile and web applications. Firebase provides a powerful security rules engine that acts as a gatekeeper for every database read and write operation.

How Security Rules Work

Firebase security rules are server-side logic that runs before any data is read from or written to the database. These rules verify that the user making the request is authenticated, that they have permission to access the specific data they are requesting, and that the data being written conforms to expected formats and constraints.

For example, a user can read their own balance but cannot read another user's balance. A user can update their own profile but cannot modify their mining rate or referral count directly. These operations are handled exclusively by secure server-side functions that validate every change before it is committed.

Server-Side Validation

Critical operations like mining rate calculations, referral credit awards, and balance updates are performed by server-side cloud functions. These functions cannot be tampered with by clients. Even if someone reverse-engineered the app and attempted to send manipulated data, the server-side functions would reject any request that does not match expected parameters.

Defense in depth: We do not rely on any single security measure. Even if one layer were compromised, multiple additional layers would prevent unauthorized access. This layered approach, known as defense in depth, is the gold standard in security engineering.

KYC: Keeping the Ecosystem Clean

Know Your Customer verification serves two purposes at Zyntex. First, it satisfies regulatory requirements that will be necessary for exchange listings and token withdrawals. Second, and equally important, it prevents bad actors from creating multiple fake accounts to exploit the mining system.

The Verification Process

Our KYC process involves submitting a government-issued photo ID along with a live selfie for biometric matching. The system uses automated document analysis and facial recognition to verify that the person creating the account is who they claim to be and that they have not already created another account.

Privacy Considerations

We understand that submitting personal identification documents requires trust. That is why our KYC process is handled by a certified third-party verification provider that specializes in secure identity verification. Your documents are processed in an isolated environment, and raw images are not retained after verification is complete. Only the verification result (approved or rejected) and a hashed identifier are stored in our system.

Anti-Fraud Detection

Protecting the mining ecosystem from abuse is critical to ensuring fairness for all legitimate miners. Our anti-fraud system monitors for several types of suspicious behavior.

Multi-Account Detection

Sophisticated device fingerprinting and behavioral analysis help us detect when a single person is operating multiple accounts. Accounts confirmed to be duplicates are flagged and their balances frozen pending review. This protects the mining rate for honest users by preventing bad actors from diluting the reward pool.

Bot Detection

Automated scripts and bots that attempt to simulate mining activity are detected through behavioral analysis. Genuine human interaction follows patterns that are difficult to replicate programmatically. Our system analyzes interaction timing, session patterns, and device signals to distinguish real users from automated ones.

Referral Fraud Prevention

Self-referral schemes, where a user creates fake accounts to boost their own referral bonus, are detected through a combination of KYC cross-referencing, device fingerprinting, and network analysis. Referral bonuses are only credited for genuinely distinct, active users.

Fair play commitment: If you suspect fraudulent activity or encounter someone encouraging others to create fake accounts, please report it through the app. Protecting the integrity of the mining ecosystem benefits everyone, and reports are handled confidentially.

Ongoing Security Practices

Security is not a one-time setup. It is a continuous process that requires constant vigilance and improvement.

Regular security audits: We engage independent security firms to perform penetration testing and code reviews on a regular basis
Dependency monitoring: All third-party libraries and dependencies are monitored for known vulnerabilities and updated promptly when patches are available
Incident response plan: We maintain a detailed incident response plan that outlines exactly how the team will respond to various security scenarios, minimizing response time if an issue ever arises
Bug bounty program: Launching in 2025, our bug bounty program will reward security researchers who responsibly disclose vulnerabilities, creating an additional layer of protection through community participation

What You Can Do

While we invest heavily in platform security, your own practices matter too. Here are steps you can take to protect your account:

Keep your phone's operating system updated to ensure you have the latest security patches
Do not root or jailbreak your device, as this can expose your data to malicious applications
Never share your OTP or login credentials with anyone, regardless of who they claim to be
Complete KYC verification to add an additional layer of identity protection to your account
Report suspicious messages or phishing attempts to our support team immediately

Trust is built through transparency and consistent action. We are committed to maintaining the highest security standards as Zyntex grows, and we will continue to share updates about our security practices with the community. Your ZYM balance is safe with us, and we intend to keep it that way.

← Back to all articles