|
Title: Keeping Exchanges Secure Post by: c_atlas on February 05, 2019, 11:18:31 PM inb4 someone says not your keys not your bitcoin; we know.
Unfortunately, if you want to exchange your digital currency in a reasonable amount of time you'll have to put your crypto on a centralized exchange (for now), so my question is this: As of today, what's the most secure way for exchanges to keep your crypto safe while ensuring that it's always accessible when it needs to be withdrawn? I find it shocking that Cryptopia and QuadrigaCX went under just weeks apart due to poor handling of private keys. Is there no industry standard? MultiSig cold storage addresses? Can't people write distributed smart contracts that work with their internal APIs to control the transfer of funds? If someone were to start a new exchange today, what are the steps they should take to ensure their private keys are as secure as can be? Title: Re: Keeping Exchanges Secure Post by: cissrawk on February 06, 2019, 12:20:23 AM Using top exchange is one of option, example is binance. Or just do instant exchange and withdraw it asap.
If someone were to start a new exchange today, what are the steps they should take to ensure their private keys are as secure as can be? I just can think about increasing their security. Also, they can give bounty or reward to people that can hack or find a hole in their site and give reward for them before release the site officially.Title: Re: Keeping Exchanges Secure Post by: c_atlas on February 06, 2019, 01:07:23 AM Using top exchange is one of option, example is binance. Or just do instant exchange and withdraw it asap. I'm asking about what exchanges do/can do to ensure the integrity of the storage and access to their private keys, not what we as individuals can do if we have to use an exchange.If someone were to start a new exchange today, what are the steps they should take to ensure their private keys are as secure as can be? I just can think about increasing their security. Also, they can give bounty or reward to people that can hack or find a hole in their site and give reward for them before release the site officially. Still not related to their private keys, this relates more so towards the security of their webapp. Sure you could hack an exchange's site, but just because their website is compromised doesn't mean their private keys areTitle: Re: Keeping Exchanges Secure Post by: freedomno1 on February 06, 2019, 01:45:18 AM If someone were to start a new exchange today, what are the steps they should take to ensure their private keys are as secure as can be? Public Cold Storage Address and Proof Of Keys is the minimum. E.G: Poloniex Old Cold Storage Address https://www.blockchain.com/btc/address/17irB8xLxhVRerCoUyypnmpoak3QBpVp2z Moved into Multi-Sigs https://bitcointalk.org/index.php?topic=1432482.0 https://www.blockchain.com/btc/address/39TDhgfAg4oRXo1TLfEb5yZBN45hBKVYja With a test now and then Or Listed on a service https://bitinfocharts.com/top-100-richest-bitcoin-addresses.html 1 3D2oetdNuZUqQHPJmcMDDHYoqkyNVsFk9r 3-of-6 wallet: Bitfinex-coldwallet 138,661 BTC ($471,705,994 USD) 0.7914% 2017-01-05 05:34:15 2019-02-04 09:24:55 5609 2017-01-06 03:29:06 2018-10-22 07:45:07 4541 2 385cR5DM96n1HvBDMzLHPYcw89fZAXULJP wallet: Bittrex-coldwallet 130,005 BTC ($442,259,707 USD) 0.7420% 2018-12-20 18:16:25 2019-02-03 12:40:50 9 2019-01-09 15:58:55 2019-01-09 15:58:55 1 3 3Nxwenay9Z8Lc9JBiywExpnEFiLp6Afp8v 3-of-5 wallet: Bitstamp-coldwallet 108,848 BTC ($370,287,511 USD) / +8000 BTC 0.6212% 2015-10-16 08:43:06 2019-02-04 09:42:42 226 2015-10-29 04:44:26 2019-01-03 05:57:01 61 4 3Cbq7aT1tY8kMxWLbitaG7yT6bPbKChq64 3-of-5 wallet: Huobi-wallet 108,135 BTC ($367,859,839 USD) 0.6172% 2017-09-08 10:41:05 2019-02-04 13:39:02 230 2017-09-09 05:18:35 2018-04-25 01:53:53 9 5 3AweAnU1qYSUCJ5Hvy9DFEB7dVqUebZw5i wallet: Binance-coldwallet 107,432 BTC ($365,469,601 USD) / +107432 BTC 0.6131% 2019-01-14 19:19:40 2019-02-03 12:40:50 6 The next step is Proof of Ability to Move Funds on occasion or signed message and a few people holding the keys example in 3 of 5 5 people each hold 1 Key (1 Dies we still have 4/5) Otherwise we could end up with another Quadriga Situation ... Rating Wise https://icorating.com/exchanges/centralized/ As an indicator Quadriga was a B Cryptopia was a B Poloniex is an A- Binance is a B+ Only A+ is Kraken Not even Coinbase got A+ Title: Re: Keeping Exchanges Secure Post by: squatter on February 06, 2019, 08:00:45 AM Unfortunately, if you want to exchange your digital currency in a reasonable amount of time you'll have to put your crypto on a centralized exchange (for now) DEX platforms definitely don't have the liquidity of centralized exchanges, but they're perfectly fine for smaller, casual traders. If you're trading less than 20-30 ETH worth of Ethereum assets, using a DEX is the way to go. As of today, what's the most secure way for exchanges to keep your crypto safe while ensuring that it's always accessible when it needs to be withdrawn? I find it shocking that Cryptopia and QuadrigaCX went under just weeks apart due to poor handling of private keys. Sadly, it doesn't surprise me at all. There's something about cryptocurrency -- the speed with which irreversible payments can be made -- that makes it especially prone to these events. Is there no industry standard? MultiSig cold storage addresses? QuadrigaCX stated they used multi-sig and cold storage. That's another problem with centralized exchanges. We take them at their word, but they often lie to our faces. Can't people write distributed smart contracts that work with their internal APIs to control the transfer of funds? Doesn't that require keeping private keys online? Cold storage needs to be a central requirement. Title: Re: Keeping Exchanges Secure Post by: NeuroticFish on February 06, 2019, 02:51:27 PM while ensuring that it's always accessible when it needs to be withdrawn Heh, you ask too much. The solution, as the others have written, is multisig cold storage. Cold storage will contain a big part of the funds, but not all of them. What's in cold storage may need more time to get accessed and it's seldom accessed for withdraws. But no problem, this is for safety. A smaller amount is in hot wallets and that's used for withdrawals. So always accessible is not a good request and it's not met. If more whales want to withdraw, a delay will clearly happen. Title: Re: Keeping Exchanges Secure Post by: Bitze on February 08, 2019, 08:35:40 AM while ensuring that it's always accessible when it needs to be withdrawn Heh, you ask too much. The solution, as the others have written, is multisig cold storage. Cold storage will contain a big part of the funds, but not all of them. What's in cold storage may need more time to get accessed and it's seldom accessed for withdraws. But no problem, this is for safety. A smaller amount is in hot wallets and that's used for withdrawals. So always accessible is not a good request and it's not met. If more whales want to withdraw, a delay will clearly happen. this is probably the best solution there is at the moment. it is important to distribute the infos and access rights combined to several people. a lot of money is tempting after all ::) Title: Re: Keeping Exchanges Secure Post by: Potato Chips on February 08, 2019, 02:59:10 PM Quote from: squatter That's another problem with centralized exchanges. We take them at their word, but they often lie to our faces. Bottomline right here ^ Exchanges will claim this and that but there's no way for us to confirm it and they don't too. If someone were to start a new exchange today, maybe they could work on that, too? |