Cybersecurity Risk Management and Strategy

We recognize the importance of assessing, identifying, and managing material risks associated with cybersecurity threats, as such term is defined in Item 106(a) of Regulation S-K. These risks include, among other things, operational risks, intellectual property theft, harm to employees or customers and violation of data privacy or security laws.

We are a holding company and our operations are conducted through Finfront, with principal executive offices in Singapore. We receive, process, store and transmit, often electronically, data of customers, much of which is confidential. Cybersecurity risks increase when we transmit information from one location to another, including over the internet or other electronic networks. We have implemented comprehensive internal policies and measures for assessing, identifying and managing material risks from cybersecurity threats and monitoring the prevention, detection, mitigation and remediation of material cybersecurity incidents. We have also integrated cybersecurity risk management into our overall enterprise risk management system. The main internal policies and measures are as follows: 

We have implemented a set of procedures to ensure effective management of the cybersecurity risks associated with the use of third-party service provider, CrowdStrike Falcon OverWatch (“CrowdStrike”), to help us reduce the risk of cybersecurity attacks. Our internal security team conducts regular inspections on the hunting reports generated by CrowdStrike.

Our digital assets are mined to and stored in offline cold wallet, which is a physical device that holds digital assets offline and aims to prevent hackers from being able to access digital assets via traditional internet-hacking means. Access to digital assets in such cold wallet requires separate authentication from different authorized individuals.

As of the date of this Report, we have not experienced any material cybersecurity incidents or identified any material cybersecurity threats that have affected or are reasonably likely to materially affect our business strategy, results of operations or financial conditions.

However, despite the measures we have implemented, our miners, systems and procedures, and those of our third-party service providers, may be vulnerable to security breaches, acts of vandalism, software viruses, misplaces or lost data, programming or human errors or other similar events which may disrupt our delivery of services or expose the confidential information of our customers. Furthermore, security breaches, computer malware and computer hacking attacks have been a prevalent concern in the digital asset exchange market. Therefore, there can be no assurance that cybersecurity incidents or threats would not occur to us in the future.

Cybersecurity Governance

Our board considers cybersecurity risk as part of its risk oversight function. The board receives regular reports from management on our cybersecurity risks and any material cybersecurity incidents.

Our Chief Executive Officer and Chief Technology Officer are responsible for assessing and managing cybersecurity risks. Our Chief Executive Officer has over 12 years of experience in banking system development and operation and holds certificates of IT System Management and Certified Information System Auditor.

We have also adopted an information security incident emergency response guide (the “Cybersecurity Emergency Response Guide”), which sets out details procedures for detecting, reporting, and responding to cybersecurity incidents. Our Cybersecurity Emergency Response Guide also include steps to contain the incident, investigate the root cause, and restore normal operations. Pursuant to our Cybersecurity Emergency Response Guide, we regularly conduct training for our team members who are responsible for responding to any cybersecurity incident to ensure their competence in such situations.