ビットコインのセキュリティに関して - セキュリティについての取り組み

CoinFLEX operates with a 99% cold storage policy, with up to only 1% stored in a secure hot wallet. Our system has been built such that no single person, vault location or device failure could compromise the integrity of user Bitcoins.

All users are required to set up either Authy or YubiKey two-factor authentication meaning that if someone were to find out a user’s username and password they would still not be able to log into their account without the user’s Authy one-time password token or YubiKey.


All the information supplied by you is transmitted via Transport Layer Security (TLS) protocol. Once we have received your information, we use strict procedures and security processes to prevent any unauthorized access. Your data can only be accessed by authorized CoinFLEX staff. Two-Factor Authentication: We believe that Two-Factor Authentication (2FA) should be a required standard for any financial services company. Passwords alone are insecure and in order to follow the “something you have” and “something you know” standard of security, we require the use of 2FA for all users, all of the time.

2 段階認証 (2FA) FAQ


2 段階認証 (2FA) は、ログイン情報に更なるセキュリティレイヤーを追加します。これは、 「あなたが知っているもの」と「あなたが持っているもの」の組み合わせで利用するセキ ュリティ機能です。最初のものはパスワードで、2 番目のものは物理的なデバイス、携帯電 話、タブレット、コンピュータ、または YubiKey のいずれかです。2 段階認証は、ユーザー 名とパスワードのみを使用する場合と比較して、はるかに強力なセキュリティを提供しま す。

現在、2 段階認証でアカウントにアクセスするための 3 つの異なる方法を提供しています。

Google Authenticator

Google Authenticator は、2 段階認証サービスを実装した Google によるソフトウェアベー スの認証機能です。

Google Authenticator は、お使いの携帯電話上で 2 段階認証コードを生成します。パス ワードに加えて、お使いの携帯電話の Google Authenticator アプリで生成されたコード が必要となります。詳細については、 Google Android または Google iPhone をご覧くだ さい。

これは小さな USB スティックの形をしたワンタイムパスワード(OTP)生成装置です。 アカウント申請時に「YubiKey」オプションを選択し、YubiKey トークンを入力してくださ い。 CoinFLEX アカウントにサインインするたびに、YubiKey で生成されたセキュリティトーク ンを提供する必要があります。 互換性のある YubiKey は Amazon で購入できます。 FIDO U2F セキュリティキーは互換性のあるキーではありません。 詳細については、YubiKey FAQ をご覧ください: http://www.yubico.com/support/faq/

この方法は、電話番号を使用してワンタイムパスワード (OTP) でアカウントを確認します。 OTP は一度の使用に限り有効であり、認証のために再度使用することはできません。

アカウントを申請する際には、「Authy」オプションを選択し、国番号を除いた電話番号を 入力してください(例:07712343456)。 すると、Authy アプリをダウンロードしてアカウントを登録するように促す SMS が届きます。 これが完了すると、アカウントにログインするたびに、アプリに表示される OTP セキュリ ティトークンを提供する必要があります。 詳細については、Authy FAQ: https://www.authy.com/faq.

Authy アプリは必要ですか?

いいえ。Authy アプリをダウンロードしてインストールしないことを好む場合は、2 段階認 証のお好みの方法として YubiKey を使用することができます。 Authy 2FA は、コードを取得するための複数の方法を提供します。Android または iPhone 用の モバイルアプリ 、または Chrome 拡張機能として実行される デスクトップアプリ which runs as a Chrome extension. Authy apps are instant, do not require continuous internet connection and the desktop app enables a seamless two-factor authentication experience. You can find out more about these options on the Authy blogをご覧ください。 また、こちらもお読みくだ さい。 A YubiKey is a small USB device that you register with your CoinFLEX account and use every time you sign in. You can find out more about YubiKeys こちら と こちら. You can purchase a compatible YubiKey on Amazon. CoinFLEX supports 44-character YubiKey tokens. If you are a YubiKey VIP user, please use slot 2 to generate a valid token. FIDO U2F Security Key is not a compatible key.

CoinFLEX が SMS での 2 段階認証に対応していない理由

There has been an increase in the instances of people having their mobile phone numbers taken over by malicious attackers via social engineering of mobile phone operator staff. In summary, the attack involves a hacker contacting a victim’s phone operator and convincing a call centre agent to transfer the victim’s phone number over to another, hacker controlled, SIM card. From there, the hacker arranges to reset the victim’s email using the SMS recovery option on their email account by which point the hacker often has all the information they need to access the vast majority of the victim’s online accounts. What makes this different from other attacks is that someone could have reasonably good security and it can still be circumvented. Thus, to prevent this on the CoinFLEX platform, we do not support SMS for 2FA sign in.

Authy アプリをインストールしましたが、"multi-device is disabled "エラーが表示され ます

“Multi-device is disabled” error usually appears if you have already had an installation of the Authy app present and you no longer have access to the app (e.g. it was on your previous device). To resolve the “Multi-device is disabled” issue, you need to Authy で直接アカウントをリセット with Authy. Once this process is complete you will be able to install a new Authy app which will not show this error. Please note that using the Authy multi-device function will enable all your Authy token accounts on the added devices.

Authy アプリをインストールしましたが、アカウント一覧に CoinFLEX が表示されません。

If CoinFLEX does not appear in your list of accounts within the Authy app, please take the first step of uninstalling the app, reinstalling it, and registering again it with your phone number. Your local install of Authy can become corrupted due to an OS update, factory reset, or something similar. We recommend installing Authy on another device, like a laptop or tablet, to assess if the problem is related to Authy or your device. The Authy Chrome App works with Windows, Linux and Mac and can be ここからダウンロード. After verifying the new device works, please reinstall Authy on your old device and the apps will sync. If these steps do not work, please try removing all previously registered devices on your Authy account listed under settings, and then reinstall the app. You may be required to clear all device registrations on stored on Authy’s server. To do this, use this link. This reset will take 24 hrs and cannot be accelerated, so this action should only be taken as a last resort if an alternate device will not work.

登録 SMS トークンが届かない場合はどうすればいいですか?

An SMS token is sent only during the Authy registration stage during the application process for a CoinFLEX account. An SMS is not sent for signing in or resetting a password. If you’ve been using SMS to sign in to your CoinFLEX account, you will be required to Authy アプリをダウンロード on your smartphone or computer (as a Chrome extension) and register it with the same phone number you have been receiving the SMS on. CoinFLEX will appear on your list of accounts without the need to type codes or use QR codes. SMS is a best effort protocol, meaning your carrier will do it’s best effort to deliver the message to you. High network traffic or SPAM filters could prevent you from receiving the registration text message.

If you have not received the SMS, please follow these steps:

  1. Verify that you have entered your phone number correctly.

  2. Confirm that you are using a web browser that supports SMS requests.

  3. Install the dedicated App: opening https://www.authy.com/install/ within your phone or computer browser will show you if there is an App for your device. You must enter the same phone number you used when applying for your CoinFLEX account. If you see CoinFLEX on the list of your Authy accounts, you can use the token from the App instead of the SMS token.

Authy トークンが'invalid'エラーを返す場合

If you have not received the SMS, please follow these steps:

  1. You’ve entered spaces with the token (either between characters or around the token). The token consists of characters with no spaces.

  2. You’ve used a token assigned to a different account (either not a CoinFLEX Authy token or a CoinFLEX token from an App registered with a different Phone Number)

  3. You are attempting to use a token which is not the most recently generated.

    The token has expired (tokens are valid for 20 sec).