Security and Custody

ClickOptions follows institutional-grade security practices to ensure client funds, Vault capital, and protocol operations remain safe under all conditions.

Asset Segregation

• Client funds are fully segregated and held with BitGo, a regulated third-party digital asset custodian.

• Vault capital is isolated in smart contracts and custodial accounts, separate from ClickOptions’ operational treasury.

• Segregation ensures that client withdrawals and option settlements remain unaffected by ClickOptions’ finances.

Custody & MPC/HSM

• BitGo provides institutional-grade custody, with wallets secured via MPC (Multi-Party Computation) and HSM (Hardware Security Module) technology.

• Private keys are never concentrated in one location; signing requires threshold approvals.

• MPC wallets are used for hot/warm environments, while cold storage remains fully HSM-backed.

• Withdrawal approvals are subject to BitGo’s multi-sig and compliance framework.

Key Ceremonies

• Formal key generation ceremonies are conducted by BitGo for custodial keys, following regulated standards.

• Vault smart contracts follow a separate key ceremony process for contract deployment, overseen by ClickOptions and independent auditors.

• Keys are rotated periodically and following any security event.

Penetration Testing & Audits

• BitGo custody is independently audited and SOC 2 Type II certified.

• ClickOptions commissions regular penetration tests on its trading infrastructure.

• Smart contract audits are mandatory for all on-chain modules (Vault, Regen Pool, DAO governance).

• A bug bounty program incentivizes responsible vulnerability disclosure.

Secure Development Lifecycle (SDLC)

• Development follows a secure software lifecycle with:

  • Peer code reviews.

  • Automated security scans.

  • Continuous integration pipelines with inline security checks.

  • Role-based access for production deployments.

• Threat modeling is applied for every new feature.