Shrimpy was built with security in mind from the beginning. Every API key is securely encrypted and stored using FIPS 140-2 validated hardware security modules (HSMs) to protect the confidentiality and integrity of your Exchange API keys.
Shrimpy only requires the ability to read data and make trades, so your funds cannot be removed from the exchange. We also encourage all users to utilize our Two-Factor Authentication (“2FA”) service which secures access to your account.
In order to further improve the security of your assets, Shrimpy also offers the ability to input asset amounts through our "Cold Storage" feature. The assets listed here should be kept in a hardware wallet or other similar personally secured solution that you manage. This allows the application to consider these values for trading and rebalancing your portfolio, even though they are not maintained on the exchange. This balances liquidity of your portfolio with the security of leaving the majority of your holdings off the exchange.