BLOX

Product Security Overview


Effective Date: 14th July 2025

1. Introduction


This Product Security Overview outlines the key security measures implemented by BLOX BLOCKCHAIN SDN. BHD. (the “Company”, “Blox”, “Us”, “We”, and “Our”) in relation to the digital platform services (the “Platform”) provided by the Company and the operation of the stablecoin MYRC.


This Product Security Overview is intended to provide an overview of the technical and operational safeguards in place to protect user assets, personal information, and system infrastructure from cyber threats and unauthorized access.


2. Robust User Authentication & Account Protection


To prevent unauthorized access and ensure that only verified individuals can interact with our Platform, BLOX has implemented a multi-layered authentication framework, combining usability with uncompromising security.


2.1 Secure Account Creation


To ensure that only legitimate users can access the Platform, BLOX implements a mandatory e-Know Your Customer (e-KYC) process for all new account registrations. This means users must verify and authenticate their identity by providing official government documents. This process helps prevent the creation of fake accounts and identity fraud, which ensures a more secure and trustworthy online environment for all users.


2.2 Mandatory Two-Factor Authentication (2FA)


User interactions with the Platform are protected by mandatory 2FA, which requires users to authenticate with a secondary verification method, a time-based one-time six (6)-digit code, in addition to their primary credentials. This significantly reduces the risk of account compromise due to phishing or credential theft.


2.3 Adaptive Session Management


Active sessions on the Platform are set to automatically expire after a defined period of inactivity to reduce the risk of unauthorized access from unattended devices.


2.4 Brute-Force Protection


The Platform’s login system has in-built protections that limit the number of login attempts. With each failed attempt, the system increases the waiting time before another try is allowed, making it harder for unauthorized users to break in. In some cases, the system may temporarily lock the account to further protect against unwanted access.


3. Comprehensive Cybersecurity & Platform Hardening


Blox’s cybersecurity architecture is designed to proactively identify, isolate, and neutralize threats before they can impact Platform performance or security. We have implemented a defense strategy, including the following key measures:


3.1 End-to-End Encryption


All data transmissions between users and the Platform are secured using Transport Layer Security (TLS) version 1.3, which provides forward secrecy and protection against unwanted intrusions. TLS 1.3 is currently the latest and most secure version of the protocol used to encrypt data sent over the internet.


3.2 Web Application Firewall (WAF)


All traffic coming into the system is filtered through a sophisticated WAF, which looks for known signs of attack and detects unusual behaviour. The WAF uses known threat patterns and behaviour-based analysis to detect and block malicious activity, including common web-based attacks such as SQL injection and cross-site scripting. This proactive filtering mechanism helps ensure the Platform remains secure and resilient against evolving threats.


3.3 Zero Trust Architecture


Blox has adopted a zero-trust framework internally, where no user or device is trusted by default, even if it is already inside the network perimeter. Access to systems and data is governed by strict role-based access control and policy-based endpoint compliance checks. Every user must have the right permissions, and every device must meet security standards before they can access sensitive data or systems.


3.4 Ransomware & Disaster Recovery Resilience


Blox maintains encrypted, immutable, and versioned backups across multiple locations. These backups are routinely checked for integrity and can be quickly restored in the event of data corruption, ransomware infection, or system-wide compromise.


4. Cybersecurity Threat Monitoring, Detection & Incident Response


Blox adopts a proactive approach to cybersecurity by continuously monitoring our systems for potential threats and unusual activity. Our infrastructure is equipped with advanced detection tools and supported by a dedicated response team to identify, investigate, and respond swiftly to any security incidents. This ensures that risks are managed in real time and any potential breaches are addressed with minimal impact. The security measures taken include:


4.1 Threat Monitoring


Our Security Information & Event Management (SIEM) platform collects activity logs and data across the system and alerts the security team to suspicious behaviour, policy violations and potential breaches. Upon detection, the security team promptly investigates and takes the necessary actions to address and resolve the issue.


4.2 Dedicated Incident Response Team (IRT)


BLOX has a dedicated IRT responsible for managing all cybersecurity incidents. This team actively monitors for threats and follows established response playbooks to ensure a fast, consistent, and effective approach to incident handling. Upon detection of a potential threat, the IRT conducts triage to assess its severity and scope, isolates affected systems if necessary, investigates the root cause, and coordinates containment, remediation, and recovery efforts.


4.3 Breach Notification & User Communication Protocols


In the event of any actual or suspected data breach, cybersecurity incident, or unauthorised access involving the Platform, Blox will take all reasonable steps to investigate, contain, and remediate the issue as soon as practicable. While the Company is committed to maintaining a high standard of security and responding swiftly to such incidents, Blox does not accept and hereby expressly disclaims, to the fullest extent permitted by applicable law, any liability or responsibility for losses, damages, or disruptions that may arise directly or indirectly from such events, regardless of cause, including but not limited to system vulnerabilities, third-party attacks, or force majeure events.


Upon confirmation of a material breach involving personal data or platform integrity, Blox will promptly notify affected Users through appropriate channels, including email and in-app alerts. The Company may also notify relevant authorities or regulators in accordance with applicable laws and regulatory requirements. Any such notifications will include, to the extent available, a description of the incident, remedial measures undertaken, and guidance for Users on protective actions they may consider.


4.4 Reporting Channels


Users can report security incidents, phishing attempts, or suspicious activities via our escalation channel: security@blox.my. Our infrastructure is under round-the-clock surveillance, with the ability to escalate incidents to the IRT within minutes of detection.


5. Disclaimer

The security measures described in this Product Security Overview reflect the current practices and controls implemented by Blox as of the date of this document. These measures may evolve from time to time in response to emerging threats, technological advancements, and regulatory developments. While we are committed to maintaining robust security standards, Blox is not obligated to update or notify third parties of changes to this document.


5.1 This document is provided strictly for informational purposes only and should not be relied upon as a guarantee or warranty of the Platform’s immunity from cyberattacks, system failures, or unauthorized access. While we are committed to maintaining a high standard of security, no digital platform is entirely risk-free.


5.2 Users are strongly advised to exercise their own discretion and judgment when engaging with digital platforms and using digital tokens. As with all technologies involving online systems and digital assets, there are inherent risks, including but not limited to data breaches, phishing, account compromise, and token volatility or loss. By using the platform, users acknowledge and accept these risks as part of the broader digital ecosystem.


5.3 To the fullest extent permitted by applicable law, Blox, its affiliates, directors, officers, employees, agents, and service providers disclaim all liability for any direct, indirect, incidental, consequential, punitive, or special loss or damages, including without limitation loss of data, revenue, profits, goodwill or business opportunities, arising out of or in connection with any reliance on this Product Security Overview, use of the Platform, or any cybersecurity event, system failure, or unauthorized access.


5.4 In the event of any actual or attempted security breach, system compromise, data loss, unauthorised access, or other cybersecurity incident, whether arising from external attacks, internal vulnerabilities, software failures, user negligence, force majeure events, or any other cause, you expressly acknowledge and agree that you shall assume full responsibility and risk in connection with your use of the Platform and any digital assets held or transacted thereon. To the maximum extent permitted by applicable law, Blox shall not be liable for any loss, damage, or liability suffered or incurred by any user as a result of or in connection with such incidents, and no representation or warranty is made that the Platform or any related systems are secure, error-free, or immune to disruption, compromise, or unauthorised interference.


6. Contact Information


For further inquiries or to report any issues relating to the Platform, Users may contact the Company at support@blox.my.