CryptoRoute

Security

CryptoRoute is a non-custodial swap interface. The security model starts from a simple principle: we never take control of your funds or your keys, so the largest category of exchange risk — a custodian being hacked, frozen, or insolvent — does not apply to us. This page explains exactly how the flow works and what protections are in place.

Non-custodial architecture

  • No private keys, no balances. CryptoRoute never holds, stores, or has access to your private keys, seed phrases, or asset balances. There is nothing on our side to lose, steal, or freeze.
  • Never through us. A swap moves from the wallet you send with, through the execution provider's per-swap deposit address, to the recipient address you specify. Funds are never pooled in or controlled by a CryptoRoute account.
  • No sign-up required. You can complete a swap without an account. The optional account stores only a history of swaps you started while logged in — never keys or balances. See the Privacy Policy for everything we process.

Who controls the deposit address

The per-swap deposit address is generated by the execution provider (NEAR Intents / 1Click), not by CryptoRoute. We relay that address to you and validate the recipient and refund addresses you enter against the correct network format. At no point does CryptoRoute control, sweep, or have signing authority over the deposit address.

Who executes the swap

Swaps are routed and settled through NEAR Intents, an intent-based settlement layer where independent solvers compete to fill your order across chains. CryptoRoute is the routing and quoting interface in front of that settlement layer — it presents the live quote, the exact fee, and the deposit instructions, then tracks the swap to completion.

Sanctions & transaction screening

  • Jurisdiction (sanctions) gate. Swap initiation is blocked from sanctioned and restricted regions. The check uses the trusted edge geo signal (Cloudflare CF-IPCountry), not a client-supplied value, and is fail-closed when geo cannot be resolved.
  • Transaction-level screening (KYT). Deposit and payout addresses are screened against sanctions and illicit-activity databases via a third-party blockchain-analytics (KYT) provider as part of swap processing.

We do not perform identity KYC for standard swaps; screening is risk-based and address/jurisdiction-level.

Refund flow

Cross-chain swaps require a refund address on the origin network. If a swap cannot complete — for example, an underpaid or late deposit, or a provider-side failure — the funds are returned to that refund address. This is why we require and validate it up front for cross-chain routes.

Incident response & monitoring

  • Radar monitoring. Routes, chains, and the execution provider are monitored — success rate and latency are tracked so degradations can be surfaced automatically.
  • Public status. Active incidents surface on the affected route pages and on the status page, with a timeline of how the incident evolved and resolved.
  • Conservative defaults. When a route or chain is degraded, the interface warns you before you send.

Supported & prohibited jurisdictions

CryptoRoute is operated by SoftSphere LLC (Saint Vincent and the Grenadines). Access is not available from jurisdictions subject to comprehensive sanctions or where non-custodial swap routing is prohibited. The sanctions gate enforces this at swap initiation. Using the interface from a prohibited jurisdiction, or via tools that misrepresent your location, is not permitted.

Responsible disclosure

If you believe you've found a security vulnerability, please report it privately to [email protected] with enough detail to reproduce it. Please do not publicly disclose the issue until we've had a reasonable opportunity to investigate and remediate. We appreciate good-faith research and will work with you on coordinated disclosure. We will not pursue legal action against good-faith research that respects this process and avoids privacy violations, service disruption, or data destruction.

Always test an unfamiliar route with a small amount first. Double-check the recipient address and network — non-custodial transfers cannot be reversed once broadcast.