Security & Custody

How Xora protects deposits

Xora is a custodial XRP neobank with a pilot for native TRX on Tron. XRP deposits follow the account-specific route shown in the app; TRX deposits use TRON mainnet addresses with no memo. High-risk outflows can be held for manual review before funds leave treasury.

Custody model: XRPL + TRON treasury
Access model: Restricted operations
Depositor reserve: Planned · 5%
Monitoring: 24/7 + circuit breakers

Custody architecture

User deposits follow the account-specific route shown in the signed-in app. Treasury funds are segregated from app infrastructure and reconciled daily against the internal user ledger so owed balances can be compared with on-chain funds.

The TRX pilot supports native TRX on Tron only. Users receive a TRON mainnet deposit address, no memo or destination tag is required, and TRC-20 tokens or other Tron assets are not credited in this release. Read the TRX deposit guide before sending funds.

Outbound movement is controlled through restricted operational flows, rate limits, health checks, manual withdrawal review, and panic-mode circuit breakers. Approved withdrawals re-run anti-drain, active-freeze, and treasury-availability checks immediately before submission. A 3-of-5 XRPL multisig migration is on the roadmap and should not be treated as live custody until the signer list is published on-chain.
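One way a depositor could check the 3-of-5 claim once a signer list is published, as an added example that is not Xora's code: it inspects data shaped like the results of the XRPL `account_info` and `account_objects` methods and reports anything that would let fewer than three signers, or a single key, move funds. The sample account data and addresses are constructed placeholders, and the function names are hypothetical.

```python
LSF_DISABLE_MASTER = 0x00100000  # AccountRoot flag: master key pair disabled

def min_signers_for_quorum(weights, quorum):
    """Fewest signers whose combined weight reaches the quorum (None if unreachable)."""
    total = 0
    for count, weight in enumerate(sorted(weights, reverse=True), start=1):
        total += weight
        if total >= quorum:
            return count
    return None

def check_multisig(account_data, account_objects, m=3, n=5):
    """Return findings; an empty list means the account is a live m-of-n multisig."""
    findings = []
    # A single-key path around the signer list defeats the multisig.
    if not account_data.get("Flags", 0) & LSF_DISABLE_MASTER:
        findings.append("master key still enabled")
    if "RegularKey" in account_data:
        findings.append("regular key set")
    lists = [o for o in account_objects if o.get("LedgerEntryType") == "SignerList"]
    if not lists:
        return findings + ["no SignerList on ledger"]
    entries = [e["SignerEntry"] for e in lists[0]["SignerEntries"]]
    if len(entries) != n:
        findings.append(f"{len(entries)} signers, expected {n}")
    # Unequal weights can let fewer than m signers meet the quorum.
    weights = [e["SignerWeight"] for e in entries]
    fewest = min_signers_for_quorum(weights, lists[0]["SignerQuorum"])
    if fewest != m:
        findings.append(f"{fewest} signer(s) can reach quorum, expected {m}")
    return findings

# Constructed sample data; addresses are placeholders, not real XRPL accounts.
SAMPLE_ACCOUNT = {"Account": "rTREASURY_PLACEHOLDER", "Flags": LSF_DISABLE_MASTER}
SAMPLE_OBJECTS = [{
    "LedgerEntryType": "SignerList",
    "SignerQuorum": 3,
    "SignerEntries": [
        {"SignerEntry": {"Account": f"rSIGNER_{i}_PLACEHOLDER", "SignerWeight": 1}}
        for i in range(1, 6)
    ],
}]

if __name__ == "__main__":
    print(check_multisig(SAMPLE_ACCOUNT, SAMPLE_OBJECTS) or "3-of-5 confirmed")
```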

On-chain verifiability

Because XRPL and Tron are transparent ledgers, settled treasury transactions are publicly queryable. Individual user balances and the aggregate user-owed ledger are internal accounting records; they are reconciled against treasury backing and can temporarily diverge during settlement, yield distribution, or operational holds. XRPL account history can be inspected with standard explorers:

TRX activity is visible on Tron explorers such as Tronscan. XORA credits native TRX only; TRC-20 token deposits are outside the pilot scope.

Aggregate protocol metrics and sensitive routing details are not published publicly to limit competitor and adversarial intelligence.

Depositor reserve (planned)

A depositor reserve is on the roadmap and is not live yet. The design routes a portion of future protocol revenue into a dedicated reserve, to be held in a segregated XRPL wallet separate from the operational treasury. Once capitalized, it is intended to help absorb losses from a lending counterparty default up to the reserve balance.

This is not an FDIC-style guarantee, and no reserve is funded today. When the reserve goes live, its public on-chain address and current balance will be published here so the buffer is independently verifiable.

Operational controls

Responsible disclosure

If you find a vulnerability, please report it privately first. We acknowledge within 48 hours.

security@xora.finance security.txt

Reward tiers

Rewards paid in USDC or XRP. Out of scope: third-party services (Clerk, Plaid, Vercel, Cloudflare), social engineering of staff, physical attacks, content spoofing without security impact, missing security headers without proof of exploit.

Common questions

What happens if Xora itself goes away?

In an orderly shutdown, Xora reconciles the internal ledger against the on-chain treasury and coordinates withdrawals back to depositors. In a hostile shutdown, the on-chain treasury history remains public, but Xora is still a custodial product and not a self-custody wallet.

Are user accounts insured?

A 5% revenue reserve is planned as the protocol-level buffer, but it is not funded or live today. There is no government-backed deposit insurance. Cryptocurrency custody is not FDIC or SIPC eligible anywhere. Anyone telling you otherwise is misleading you.

Is the source code open?

Smart contract code is not applicable. Xora is a custodial product on a permissioned ledger setup, not an on-chain protocol. The yield distribution logic, custody flow, and planned reserve accounting are published in the whitepaper.

XORA · Security · Last updated 2026-06-26