EMCD’s Approach to Safeguarding Assets and User Data

In the first half of 2025, the crypto industry suffered losses of $3.1 billion due to scams and hackers. This figure surpasses the total for the entire year of 2024, which stood at $2.85 billion.

We discussed user data security and protection with representatives from EMCD, one of the world’s top 10 Bitcoin mining pools. The project team is also developing a financial product ecosystem, including the Coinhold Earn service with up to 14% annual returns and a P2P platform.

Core Principles

EMCD bases its security on threat prevention and responsibility distribution principles. Specialists analyze threats, create a risk map (identifying potential vulnerabilities), and proactively reinforce these areas. All system elements are protected according to international ISO 27001 standards.

The monitoring system tracks deviations from normal operations, detects suspicious activity, and automatically responds to incidents following pre-developed protocols. Recovery mechanisms are in place to swiftly restore services to operational status.

“We believe security encompasses not only technical solutions but also organizational processes and internal culture. The entire team, not just a single information security specialist, bears responsibility,” comment representatives from EMCD.

All sensitive information is encrypted during transmission and storage. EMCD employs cryptographic algorithms and the TLS protocol.

Role-Based Access and Permissions

EMCD utilizes a segmented infrastructure, where each component has its own access level. Employees are granted rights only to the systems relevant to their position.

Encryption keys are issued only to authorized personnel. System access is granted through verified logins and SSH keys—universal accounts are not used. Access to databases and internal applications is possible only after multi-factor authentication.

EMCD’s infrastructure is modular. Even if an intruder gains access to one component, they cannot proceed further. The intrusion detection system (IDS) and protection against DDoS attacks enable prompt responses to abnormal activity.

“EMCD trains all employees in security protocols. They know how to handle corporate devices, manage passwords, and control access. System rights are granted strictly by role and only after managerial approval. All corporate devices are connected to a mobile device management (MDM) system, which monitors activity and blocks access if necessary,” note EMCD representatives.

Any system changes undergo internal audits and independent external tests to identify vulnerabilities.

Personal Data Processing

EMCD collects only the personal data necessary for service provision, legal compliance, and user security.

The company gathers only essential information and does not share data with third parties without legal grounds. Data storage complies with UAE regulatory requirements.

“We store user information on secure servers in accordance with retention periods: most data is deleted with the account, some after 5-8 years as per UAE laws,” comment EMCD representatives.

Details on personal data processing conditions can be found in the privacy policy on the EMCD website. The company announces all changes to the privacy policy and new feature launches in advance via the website and personal account.

Users can request information on stored data, demand corrections or deletions, restrict or stop processing, and withdraw consent. To do so, they should contact EMCD support.

Earlier, ForkLog analyzed the profitability of Earn products from crypto exchanges and other crypto services, including Coinhold.