We recognize the critical importance of developing, implementing, and maintaining robust cybersecurity measures to safeguard our information systems and protect the confidentiality, integrity, and availability of our data. We have strategically integrated cybersecurity risk management into our broader risk management framework to promote a company-wide culture of cybersecurity risk management. This integration is designed so that cybersecurity considerations are an integral part of our decision-making processes at every level. Our management team works closely with our IT department to continuously evaluate and address cybersecurity risks in alignment with our business objectives and operational needs.

Cybersecurity Governance

Our board of directors (the “Board”) considers cybersecurity risk as part of its risk oversight function, including oversight of management’s implementation of our cybersecurity risk management program. The Board receives periodic reports from management on our cybersecurity risk programs. In addition, management updates the Board, where it deems appropriate, regarding cybersecurity incidents which they consider to be significant.

Our management team including the Chief Operating Officer, works closely with our IT department to continuously evaluate and address cybersecurity risks in alignment with our business objectives and operational needs. Our management team is responsible for implementing and enforcing the Company’s cybersecurity policies, conducting risk assessments, monitoring systems for potential vulnerabilities, and coordinating the response to any cybersecurity incidents. Our management team takes steps to stay informed about and monitor efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means.

Oversee Third-Party Risk

We rely on certain third-party service providers and cloud-based platforms in the operation of our business, and vendors with access to our systems or data are subject to security assessments and contractual security obligations, including confidentiality and incident notification requirements. Vendor security risks are periodically reviewed and reassessed. As part of our cybersecurity risk management process, we have implemented processes to oversee and help manage risks associated with third-party providers. These processes include conducting thorough security assessments of all third-party providers before engagement and maintaining ongoing monitoring designed to provide for compliance with our cybersecurity standards. The monitoring includes annual assessments of the Security Operating Center (“SOC”) reports of our providers and implementing complementary controls. This approach is designed to mitigate risks related to data breaches or other security incidents originating from third parties.

Risks from Cybersecurity Threats

We have not identified cybersecurity threats or incidents that have materially affected or are reasonably likely to affect us, including our operations, business strategy, results of operations, or financial condition. We face risks from cybersecurity threats that, if realized, are reasonably likely to materially affect us, including our operations, business strategy, results of operations or financial condition. For more information, refer to the sections entitled “Risk Factors - If the Company or its third-party service providers or partners experience a cybersecurity incident or unauthorized parties obtain access to its TON assets, or if a user or other party commits a market-related exploit, the Company may lose some or all of its TON assets and its financial condition and results of operations could be materially adversely affected” and “Risk Factors — The Company will face risks relating to the custody of Toncoin it acquires, including the loss or destruction of private keys required to access its Toncoin and cyberattacks or other data loss relating to its Toncoin” within this Annual Report.