Security overview


One thing we don’t gamble with is security. Here is a brief overview of the security measures we are taking to make sure you are safe in our casino.

Digital assets security

Only a small amount of Bitcoin is stored on our primary servers that is able to handle regular withdrawal amounts. The remaining funds are kept in secure, offline cold storage and are only accessed by two authorized employees on an as needed basis to fulfill large withdrawals.

Data security

To make sure our users data doesn't get lost, we do hourly and daily backups of our database and we store our backups in an encrypted form on remote servers to make sure your data never gets lost. Our encryption keys are also stored offline.

Website security

  • All website data is transmitted over encrypted Transport Layer Security connections including websocket connections and we use HTTP Strict Transport Security on modern browsers. Our website passes Qualys SSL server test with an A grade.
  • We use technology to mitigate distributed denial-of-service (“DDoS”) attacks
  • Passwords are salted then hashed using modern proven standards
  • Rate-limiting is applied to certain operations such as login, signups or account recovery to prevent brute force attacks against our user accounts and our resources
  • CSRF tokens are used to prevent unauthorized requests on your behalf
  • We use HTTP-only cookies
  • XSS filters are applied to user provided data
  • We prevent framing of our website to protect against clickjacking
  • We monitor the activity on our website and servers to identify unusual behaviors

Reporting security issues

If you believe you have found a security vulnerability on CakeBet, please let us know through our vulnerability discovery program on hackerone.com.