Hi good folks,
We are currently building an exchange but up until now have just been focusing on the logic of the trading engine. I have been tasked with the goal of creating a bulletproof system of cold and hot storage for the exchange. I'm not a programmer but have been assigned to collate different technologies and options so that the development team and management can then go through and discuss each option.
Getting the ratio of convenience / timeliness / security right is the hard part, but the goal is security more than .
I wanted to get some ideas from everyone on the best ways to go about this. I got massively stung by Gox and have made it my mission never to let a goxing happen to our customers.
But the hard thing is knowing all the tech out there. Because it is all growing so fast now.
I know that:
- http://bitcore.io have some great tools.
- So does https://api.trustedcoin.com/#/
- So does blockchain.info
- So does Armory
Anyway, what is the best way to do this?
We have a very talented development team so nothing is off the table.
So here is one basic idea
--------
HOT WALLET
Using the blockchain.info API to generate addresses for each user to deposit funds.
Payout addresses get locked in on our system and can only be changed through re-uploading ID for us to cross-check, or 2-factor auth.
A maximum payout per 24h.
COLD WALLET (addresses will be publicly available to be audited for proof of solvency)
The cold wallet is stored on a computer that has never been online and is used to sign transactions using a USB stick (Armory wallet), to then send funds to the hot wallet.
The cold wallet is backed up twice a day on multiple hard drives.
I would love this to need 2 out of 3 keys so that both directors need to sign transactions every day to minimise trust. The 3rd is with our lawyer.
--
Cons and pros
Cons:
- Utilising a 3rd party to handle the hot wallet opens us up to trusting their security. Blockchain.info has proven themselves to be very competent and trustworthy, but mistakes on their end can and could happen.
- Blockchain.info could go offline for technical reasons, leaving our customers angry at us because they cannot withdraw funds until blockchain.info is back online.
- Cold wallet USB signing could leave us open to a virus that embeds itself in a USB stick to then infect our cold storage offline computer. (need a USB condom LOL)
- Having a hot wallet leaves us open to that getting stolen
Pros:
- A hot wallet lets our customers have instant withdrawals up to a certain amount.
- Cold storage can transfer a % of funds to the hot wallet on a daily basis, plus any extra that was overflow from the previous day's withdrawal requests.
- If a director is sick, goes on holiday or dies then a 3rd key is available.
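The hot-wallet rules in the proposal above (locked payout address that only changes after re-verified ID or 2FA, a maximum payout per 24h, and a daily cold-to-hot transfer of a % of funds plus the previous day's overflow), sketched as an added example; this is not code from the post or from any of the services mentioned. The class and method names, the use of satoshis, and the reading of the 24h cap as per-user are assumptions.

```python
from collections import deque
from dataclasses import dataclass

DAY = 86_400  # seconds in a rolling 24h window
@dataclass
class Withdrawal:
    user: str
    address: str  # the user's locked payout address
    sats: int     # amount in satoshis
    ts: int       # unix time the request was paid or deferred
class HotWalletPolicy:
    """Locked payout address, per-user 24h payout cap, overflow carried over."""
    def __init__(self, max_sats_per_24h: int, hot_sats: int):
        self.max_per_24h = max_sats_per_24h
        self.hot_sats = hot_sats
        self.payout_address: dict[str, str] = {}
        self.paid: deque[Withdrawal] = deque()  # payouts within the last 24h
        self.overflow: list[Withdrawal] = []    # deferred to the next top-up

    def set_payout_address(self, user: str, address: str, verified: bool) -> None:
        # First address is accepted; changing it needs re-checked ID or 2FA.
        if user in self.payout_address and not verified:
            raise PermissionError("address change requires ID re-check or 2FA")
        self.payout_address[user] = address

    def paid_last_24h(self, user: str, now: int) -> int:
        while self.paid and now - self.paid[0].ts >= DAY:
            self.paid.popleft()  # expire payouts older than 24h
        return sum(w.sats for w in self.paid if w.user == user)
    def request_withdrawal(self, user: str, sats: int, now: int) -> str:
        address = self.payout_address.get(user)
        if address is None:
            raise ValueError("no locked payout address on file for user")
        under_cap = self.paid_last_24h(user, now) + sats <= self.max_per_24h
        if under_cap and sats <= self.hot_sats:
            self.hot_sats -= sats
            self.paid.append(Withdrawal(user, address, sats, now))
            return "paid"
        self.overflow.append(Withdrawal(user, address, sats, now))
        return "deferred"
    def daily_top_up(self, cold_sats: int, pct: float, now: int) -> int:
        # Cold wallet sends pct of its funds plus yesterday's overflow, then
        # deferred requests are retried against the refilled hot wallet.
        pending, self.overflow = self.overflow, []
        sent = min(int(cold_sats * pct) + sum(w.sats for w in pending), cold_sats)
        self.hot_sats += sent
        for w in pending:
            self.request_withdrawal(w.user, w.sats, now)
        return sent
```

A deferred request that is still over the user's cap when retried is simply carried into the next day's top-up again.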