Stratagen Group
Stratagen CryptoEdge

Risk Disclosure

Version 2026-05-26-v3

This Risk Disclosure is an integral part of your agreement with Stratagen Group when you use Stratagen CryptoEdge. Read it carefully. By clicking through during sign-up you confirm that you understand the risks described below.

You can lose some or all of the value you deposit. CryptoEdge does not guarantee any return, does not protect against loss, and is not insured by any government deposit-insurance program (for example, the United States FDIC or SIPC). Do not commit funds you cannot afford to lose.

1. Market risk

Digital-asset markets are volatile. Prices can move sharply in short periods due to macroeconomic events, exchange outages, liquidity shocks, regulatory announcements, or news about a specific protocol. Strategy returns depend on market conditions and can be negative in any period, including periods that historically would have been positive.

Risk-profile labels (Conservative, Moderate, Aggressive) describe the relative variance and drawdown characteristics that the underlying strategy is designed for. They are not a forecast and do not represent any specific return outcome. Past performance does not guarantee future results.

2. Strategy and execution risk

Strategies are operated by Stratagen and execute through third-party venues including centralised exchanges and on-chain decentralised exchanges. Risks include but are not limited to:

  • Execution slippage when liquidity is thin.
  • Venue outages, deposit / withdrawal pauses, and counterparty failure.
  • Strategy parameters performing poorly in unforeseen market regimes.
  • Software defects in the strategy code or our internal infrastructure.

3. Smart-contract and protocol risk

On-chain venues are governed by smart-contract code. Bugs, exploits, governance changes, or upgrade mistakes in those contracts can cause partial or total loss of the assets that flow through them. We rely on publicly-available audits and our own diligence to select venues, but we cannot eliminate this risk.

4. Custody, signing authority, and dependency on Privy

Your wallet is created and held through our identity provider, Privy, Inc. Privy holds your wallet's signing key under its custody infrastructure (a multi-party computation scheme operating inside hardware-backed Trusted Execution Environments; the full key is recombined only inside the enclave at signing time). Stratagen does not hold your wallet's signing key.

Stratagen holds a separate authorisation key, distinct from your wallet's signing key, that Privy recognises as a co-signer on your wallet within a scope you explicitly grant. The scope covers (a) auto-conversion of native-asset deposits to USDC at receipt and (b) the trading actions in any strategy you Activate. Stratagen uses this co-signer authority to execute the strategy without requesting your approval for each trade (per-trade approval would be operationally infeasible for an automated strategy). The scope does not authorise transfers to addresses outside your own wallet and does not authorise withdrawals on your behalf.

You can revoke Stratagen's co-signer authority at any time through the account dashboard or directly through Privy. Revocation immediately halts any active Stratagen strategy on your wallet and returns sole signing authority to you.

Withdrawals are signed by you, not by Stratagen. Every withdrawal requires you to re-authenticate with a one-time code and confirm the transaction in the Privy prompt.

Privy is a real dependency for your access to your wallet. If Privy ceases to operate, suffers a security incident, or changes its terms, that affects your wallet directly. This is the standard third-party-custody risk associated with any managed wallet platform. We chose Privy because of their security posture and supported them as a co-signer integration; we do not, however, warrant Privy's controls and cannot indemnify you against a failure originating with Privy. Privy publishes its security posture at privy.io/security.

Other risks in this area include unauthorised access to your account if your email or recovery method is compromised (the Privy session is what gates user-initiated actions); infrastructure failures that delay or prevent revocation of the co-signer authority; and the underlying risks inherent to split-key and TEE-based custody, including side-channel attacks against TEE hardware and implementation bugs in the share-recombination protocol.

5. Network and on-chain risk

Deposits and withdrawals depend on the underlying blockchain. Network congestion, reorganisations, hard forks, or address-format errors can result in delayed crediting, additional fees, or in some cases assets that cannot be recovered (for example, sending to an address on the wrong network).

6. Conversion risk

Native-asset deposits (for example, SOL or ETH) are converted to USDC at receipt. Conversion is executed through on-chain liquidity venues at prevailing rates, after fees and slippage. The USDC amount credited will not exactly equal the market price at the moment of deposit.

7. Stablecoin risk

USDC is a fiat-referenced stablecoin issued by a third party (Circle). It is not legal tender and is not insured by any government. Like other stablecoins, it carries the risk that its issuer cannot maintain its peg or honour redemption, in which case the value of USDC balances held in your CryptoEdge account would be impaired.

8. Regulatory risk

Digital-asset regulation is evolving. Future regulatory action could restrict or prohibit specific assets, strategies, or features; require additional reporting; impose taxes; or otherwise change the terms on which CryptoEdge is offered. Such changes may require us to suspend, modify, or terminate the Service.

9. Tax risk

You are responsible for any tax obligations arising from your use of the Service, including but not limited to capital-gains, income, and information-reporting obligations. We do not provide tax advice. Consult a qualified tax professional in your jurisdiction.

10. Operational risk

The Service depends on third-party providers (hosting, identity, KYC, analytics, blockchain RPC). Outages or failures at those providers can delay deposits, withdrawals, or strategy execution. Stratagen is not liable for losses caused by third-party provider failures except as required by applicable law.

11. Our security and operational hardening

This section is informational and does not constitute a warranty. No security program eliminates risk. The protections below describe what we currently do, not what we are obligated to maintain. We may add, remove, or change controls without notice.

Identity, authentication, and key custody

  • Privy SSS + TEEs hold your wallet shares: the full private key is recombined only inside a hardware-backed enclave at signing time. See Section 4 above.
  • Sign-in is passwordless: a one-time code is emailed to you per session. Sessions are short-lived and verified per request against Privy's signing keys (ES256 JWT).
  • Sensitive flows (granting the co-signer authority, withdrawing) require you to re-authenticate via one-time code regardless of an open session.

Withdrawals

  • Every withdrawal is signed by you in the Privy prompt. Stratagen's co-signer authority (Section 4) is scoped to strategy trading actions and auto-conversion; it does not authorise withdrawals on your behalf.
  • Destination addresses are validated client-side (Solana base58, 32 bytes) and server-side before the row is recorded.
  • Amounts are clamped to your live on-chain balance at the moment of the request; the server re-checks the balance via the blockchain RPC before accepting the request.
  • Every withdrawal triggers an email receipt to you with the amount, destination, and transaction signature.
  • Withdrawals at or above a configured threshold (currently US$10,000) trigger an internal operations alert so we can spot-check large outflows in near real time.
  • Withdrawal rows that stall in a non-terminal state for longer than 24 hours are reconciled by an hourly maintenance job so our ledger does not diverge from on-chain reality.

Deposits and conversion

  • Every detected deposit is screened against blockchain-analytics risk signals before it is credited. Deposits whose source or transaction characteristics fail screening are held for review and may be returned.
  • Native-asset deposits are auto-converted to USDC through on-chain liquidity venues using the scoped Privy delegation described in Section 4; the swap route is constructed by our server and broadcast under the delegation, with the converted USDC landing in your own wallet's USDC account.

Identity verification (KYC) and AML

  • KYC and AML/sanctions screening are performed by Sumsub before any deposit is accepted. The verification record is retained in line with applicable financial-services record-keeping rules.

Platform and transport security

  • All customer traffic is served over TLS with HTTP Strict Transport Security (HSTS) enabled, so browsers refuse to downgrade to plaintext.
  • A strict Content-Security-Policy is applied per route, with frame-ancestors 'none' as the default so our pages cannot be embedded by third-party sites. Per-route exceptions are explicitly enumerated (Privy's embedded-wallet iframe on the wallet-attach and withdraw pages; our own admin dashboards on the cross-port token-broadcast page).
  • Cache-Control is set to no-store on every dynamic response so account state never lingers in a browser, CDN, or intermediate-proxy cache.
  • Standard security headers are applied uniformly: X-Content-Type-Options, X-Frame-Options, Referrer-Policy, and a locked-down Permissions-Policy. Fingerprinting headers (Server) are stripped from responses.

Audit and visibility

  • Every state-changing event (account creation, KYC decision, wallet provisioning, deposit credit, swap, commitment lifecycle, withdrawal request / confirmation / failure) is recorded in an append-only audit ledger you can review through the support team on request.
  • Email notifications use a deterministic deduplication key so a retried event never causes a duplicate message.
  • Sensitive operator actions on our admin tools are themselves recorded in a separate security-events log.

12. No advice; your decision

Nothing in CryptoEdge is personalised investment, tax, or legal advice. You are responsible for evaluating whether the Service is suitable for your circumstances. If you are unsure, consult an independent qualified adviser before depositing funds or activating a strategy.

By clicking through the acceptance checkbox during sign-up, you confirm that you have read this Risk Disclosure, that you understand the risks described, and that you accept those risks.

Terms of Service Privacy Policy Risk Disclosure Back to your account