MOTION to Unseal Document [102] SEALED MOTION FOR LEAVE TO FILE DOCUMENT UNDER SEAL filed by SECURITIES AND EXCHANGE COMMISSION (This document is SEALED and only available to authorized persons.) filed by SECURITIES AND EXCHANGE COMMISSION by SECURITIES AND EXCHANGE COMMISSION. (Attachments: # (1) Text of Proposed Order, # (2) Exhibit SEC Motion To Compel Exhibit 10 (Redacted), # (3) Exhibit SEC Motion to Compel Exhibit 14 (Redacted), # (4) Exhibit SEC Motion to Compel Exhibit 15 (Redacted), # (5) Exhibit SEC Motion to Compel Exhibit 16 (Redacted), # (6) Exhibit SEC Motion to Compel Exhibit 19 (Redacted), # (7) Exhibit SEC Motion to Compel Exhibit 21 (Redacted), # (8) Exhibit SEC Motion to Compel Exhibit 26 (Redacted), # (9) Exhibit SEC Memorandum in Support of Its Motion To Compel, # (10) Exhibit Declaration of Jennifer Farer in Support of SEC Motion to Compel)(Scarlato, Matthew). Added MOTION to Withdraw on 9/15/2023 (znmw).
Page 1 EXHIBIT 10Page 2 Confidential | Binance.US
Binance.US Digital Asset & Custody
Operations Policy
Date Issued
5/15/
Supersedes Issuance Dated
NA
Version 1.
BTSBTS00833833Page 3 Confidential | Binance.US
This document supersedes all previous versions.
2 / BTSBTS00833834Page 4Page 5Page 6Page 7Page 8Page 9Page 10 Confidential | Binance.US
insufficient, the US Clearing employee requests the cold wallet transfer to .COM
employee in Wea, COM employee submits the transfer request in TSS and 4/
private key owners will approve the transfer.
5.2.10.
Cold to Fee Address
When the fee address is insufficient to pay the on-chain gas fee, the US
employee requests the cold wallet transfer to .COM employee in Wea, COM
employee submits the transfer request in TSS and 4/7 private key owners will
approve the transfer.
5.2.11.
Cold to staking wallet
When there is a staking request, the US employee requests the cold wallet
transfer to .COM employee in Wea, COM employee submits the transfer request
in TSS and 4/7 private key owners will approve the transfer. Then the token
will be staked from the staking wallet to the node.
5.2.12.
Post-upgrade/hardfork/outage/ maintenance Test
Once the upgrade/hardfork/outage/maintenance are done, we need to test the
withdrawal and deposit before the networks are resumed.
6. Digital Asset Management Framework &
Policy
6.1.
Allocation Framework for Hot vs. Cold Wallets
6.1.1.
Thresholds & sizing methodology
Managing liquidity between the Firm’s hot & cold wallets ensures that we strike
the right balance between ‘on demand’ liquidity for daily customer withdrawals
vs. the added security of storing incremental funds above daily needs in offline /
cold wallets. Sizing of wallets is done on a coin & network combined basis (e.g.
USDC on Ethereum, USDC on Polygon etc.) driven by the fact that we allow our
users to deposit a coin on one network and withdraw it on a different network,
effectively acting like a ‘centralized bridge’ for the customer.
The current framework operates as follows:
Withdrawals and deposits (on a coin & network basis as discussed above) are
9 / BTSBTS00833841Page 11Page 12Page 13Page 14Page 15Page 16Page 17 Confidential | Binance.US
7. Systems
7.1.
Overview
7.1.1.
Ceffu
We license wallet custody software and support services from Ceffu (previously
Binance Holdings Limited). The primary venue for datacenters & hosting data
for our users is in Virginia (specifically, Amazon Web Services (“AWS”) facilities
located in the US East region). The Ceffu solution makes up a majority of our
wallet technology and utilizes a form of TSS (Threshold Signature Scheme) that
is based on MPC (Multi-Party Computation) functionality.
7.1.2.
BitGo
We currently utilize BitGo as a cold wallet and staking solution provider. BitGo
hosts its primary data centers in South Dakota in addition to an offshore
datacenter in place for disaster recovery purposes. BitGo uses a more traditional
MPC solution that involves a physical device on their side to sign transactions.
7.1.3.
Other Technology Solutions
We continuously monitor the wallet technology landscape for best in class
products & services. We are currently researching the following wallet
products/vendors for future implementations:
● Ledger Enterprise
● Aegis
● Anchorage
7.1.4.
PNK
PNK is our internal system for managing our digital assets across the
company and customers. PNK is a proprietary tool developed in-house
that connects with the various aspects of our systems. Customer
Service, Compliance, Risk, and Fraud teams interact with this platform
as part of their day-to-day operations and it’s supported by our internal
development team.
7.2.
Security Guidelines
The security and safety of our customers and their assets is a top priority, as such we
strive to maintain the most stringent cybersecurity program across the organization.
While this is not an exhaustive list of all security measures in place we implement the
following principles when securing digital assets. Please note we do not get into
specifics of how these are implemented for security reasons. If more information is
needed please refer to the Binance.US Digital Asset & Custody Security Standard or
contact the Security Operations team.
7.2.1.
Segregation of Duties
No employee is given enough privileges to misuse any digital asset system on
their own. This control splits processes among multiple people, with their own
16 / BTSBTS00833848Page 18Page 19
PDF Page 1
PlainSite Cover Page
PDF Page 2
Case 1:23-cv-01599-ABJ-ZMF Document 110-2 Filed 09/14/23 Page 1 of 19
EXHIBIT 10
PDF Page 3
Case 1:23-cv-01599-ABJ-ZMF Document 110-2 Filed 09/14/23 Page 2 of 19
Confidential | Binance.US
Binance.US Digital Asset & Custody
Operations Policy
Date Issued
5/15/2023
Supersedes Issuance Dated
NA
Version 1.0
1
BTS00833836
BTS00833833
PDF Page 4
Case 1:23-cv-01599-ABJ-ZMF Document 110-2 Filed 09/14/23 Page 3 of 19
Confidential | Binance.US
This document supersedes all previous versions.
2 / 18
BTS00833837
BTS00833834
PDF Page 5
Case 1:23-cv-01599-ABJ-ZMF Document 110-2 Filed 09/14/23 Page 4 of 19
PDF Page 6
Case 1:23-cv-01599-ABJ-ZMF Document 110-2 Filed 09/14/23 Page 5 of 19
PDF Page 7
Case 1:23-cv-01599-ABJ-ZMF Document 110-2 Filed 09/14/23 Page 6 of 19
PDF Page 8
Case 1:23-cv-01599-ABJ-ZMF Document 110-2 Filed 09/14/23 Page 7 of 19
PDF Page 9
Case 1:23-cv-01599-ABJ-ZMF Document 110-2 Filed 09/14/23 Page 8 of 19
PDF Page 10
Case 1:23-cv-01599-ABJ-ZMF Document 110-2 Filed 09/14/23 Page 9 of 19
PDF Page 11
Case 1:23-cv-01599-ABJ-ZMF Document 110-2 Filed 09/14/23 Page 10 of 19
Confidential | Binance.US
insufficient, the US Clearing employee requests the cold wallet transfer to .COM
employee in Wea, COM employee submits the transfer request in TSS and 4/7
private key owners will approve the transfer.
5.2.10.
Cold to Fee Address
When the fee address is insufficient to pay the on-chain gas fee, the US
employee requests the cold wallet transfer to .COM employee in Wea, COM
employee submits the transfer request in TSS and 4/7 private key owners will
approve the transfer.
5.2.11.
Cold to staking wallet
When there is a staking request, the US employee requests the cold wallet
transfer to .COM employee in Wea, COM employee submits the transfer request
in TSS and 4/7 private key owners will approve the transfer. Then the token
will be staked from the staking wallet to the node.
5.2.12.
Post-upgrade/hardfork/outage/ maintenance Test
Once the upgrade/hardfork/outage/maintenance are done, we need to test the
withdrawal and deposit before the networks are resumed.
6. Digital Asset Management Framework &
Policy
6.1.
Allocation Framework for Hot vs. Cold Wallets
6.1.1.
Thresholds & sizing methodology
Managing liquidity between the Firm’s hot & cold wallets ensures that we strike
the right balance between ‘on demand’ liquidity for daily customer withdrawals
vs. the added security of storing incremental funds above daily needs in offline /
cold wallets. Sizing of wallets is done on a coin & network combined basis (e.g.
USDC on Ethereum, USDC on Polygon etc.) driven by the fact that we allow our
users to deposit a coin on one network and withdraw it on a different network,
effectively acting like a ‘centralized bridge’ for the customer.
The current framework operates as follows:
Withdrawals and deposits (on a coin & network basis as discussed above) are
9 / 18
BTS00833844
BTS00833841
PDF Page 12
Case 1:23-cv-01599-ABJ-ZMF Document 110-2 Filed 09/14/23 Page 11 of 19
PDF Page 13
Case 1:23-cv-01599-ABJ-ZMF Document 110-2 Filed 09/14/23 Page 12 of 19
PDF Page 14
Case 1:23-cv-01599-ABJ-ZMF Document 110-2 Filed 09/14/23 Page 13 of 19
PDF Page 15
Case 1:23-cv-01599-ABJ-ZMF Document 110-2 Filed 09/14/23 Page 14 of 19
PDF Page 16
Case 1:23-cv-01599-ABJ-ZMF Document 110-2 Filed 09/14/23 Page 15 of 19
PDF Page 17
Case 1:23-cv-01599-ABJ-ZMF Document 110-2 Filed 09/14/23 Page 16 of 19
PDF Page 18
Case 1:23-cv-01599-ABJ-ZMF Document 110-2 Filed 09/14/23 Page 17 of 19
Confidential | Binance.US
7. Systems
7.1.
Overview
7.1.1.
Ceffu
We license wallet custody software and support services from Ceffu (previously
Binance Holdings Limited). The primary venue for datacenters & hosting data
for our users is in Virginia (specifically, Amazon Web Services (“AWS”) facilities
located in the US East region). The Ceffu solution makes up a majority of our
wallet technology and utilizes a form of TSS (Threshold Signature Scheme) that
is based on MPC (Multi-Party Computation) functionality.
7.1.2.
BitGo
We currently utilize BitGo as a cold wallet and staking solution provider. BitGo
hosts its primary data centers in South Dakota in addition to an offshore
datacenter in place for disaster recovery purposes. BitGo uses a more traditional
MPC solution that involves a physical device on their side to sign transactions.
7.1.3.
Other Technology Solutions
We continuously monitor the wallet technology landscape for best in class
products & services. We are currently researching the following wallet
products/vendors for future implementations:
● Ledger Enterprise
● Aegis
● Anchorage
7.1.4.
PNK
PNK is our internal system for managing our digital assets across the
company and customers. PNK is a proprietary tool developed in-house
that connects with the various aspects of our systems. Customer
Service, Compliance, Risk, and Fraud teams interact with this platform
as part of their day-to-day operations and it’s supported by our internal
development team.
7.2.
Security Guidelines
The security and safety of our customers and their assets is a top priority, as such we
strive to maintain the most stringent cybersecurity program across the organization.
While this is not an exhaustive list of all security measures in place we implement the
following principles when securing digital assets. Please note we do not get into
specifics of how these are implemented for security reasons. If more information is
needed please refer to the Binance.US Digital Asset & Custody Security Standard or
contact the Security Operations team.
7.2.1.
Segregation of Duties
No employee is given enough privileges to misuse any digital asset system on
their own. This control splits processes among multiple people, with their own
16 / 18
BTS00833851
BTS00833848
PDF Page 19
Case 1:23-cv-01599-ABJ-ZMF Document 110-2 Filed 09/14/23 Page 18 of 19
PDF Page 20
Case 1:23-cv-01599-ABJ-ZMF Document 110-2 Filed 09/14/23 Page 19 of 19