Trust is our product.
Our founders, Cameron and Tyler Winklevoss, were early investors in cryptocurrency and struggled to find a platform where they could securely manage their growing portfolio. Out of that frustration and lack of trust, they built Gemini to deliver the first trusted platform that focused on strong security controls and compliance.
Today, every employee at Gemini continues our founders’ focus on security and compliance in order to build trust. Gemini has built a leading security program focused on developing innovative security solutions to help protect and secure our customers and their assets. We have also invested considerable resources to remain transparent about our security posture through third-party security assessments, including our SOC2 Type 2, ISO 27001, and annual penetration testing.
Contacting the Security Team
Reporting Fraud or Abuse
We’ve built a rules-based marketplace with security at its core, so that our customers can focus on building their crypto portfolio. Our team is ready to help should you encounter fraud or abuse. We recommend you take a moment to visit our Trust and Safety page, which contains materials to help users avoid fraud and spot scams.
Coordinated Disclosure Program
We welcome contributions from security researchers to help us build and secure the future of money. To submit a security vulnerability to Gemini, or to learn more about our coordinated disclosure program, please visit our HackerOne page. Impactful vulnerability submissions will be considered for inclusion in Gemini’s private bug bounty program.
Valid Gemini Communications
Gemini does not offer phone support. All support is provided via email. You will only be contacted via a valid Gemini email. Emails from Gemini will always end with the .gemini.com domain name. For example, emails from email@example.com or from the sub-domain firstname.lastname@example.org are valid Gemini email addresses, because they end with .gemini.com.
Industry Leading Security Controls
Trust is our product, and it begins with building and maintaining a secure customer experience. The following provides information about the leading security controls we’ve implemented to secure customer accounts and assets and to mitigate the risk of insider threats.
We build innovative security solutions to better protect our users and their accounts.
Two-Factor Authentication (2FA) is required by default to access your account and make withdrawals.
Support for hardware security keys, like YubiKey, allows for a more secure 2FA experience for account access.
Address allowlisting allows users to restrict cryptocurrency withdrawals to allowlisted cryptocurrency addresses.