Exchanges create a wallet per user ? Or a single wallet to all ?

[lseo]

Hello,

I and a friend are trying to develop an exchange, at last to learn how it works.
At moment, we are using bitcoinjs-lib.

1) An exchange creates a wallet per user ? Or does it have a single wallet which makes all transactions ?
2) If the exchange keeps a wallet per user, how can it protect the user's private key in case  of unauthorised access in database ? Crypt and decrypt it with user's password is an option, but it implies in ask for password every transaction.

Regards,

[ranochigo]

Hello,

I and a friend are trying to develop an exchange, at last to learn how it works.
At moment, we are using bitcoinjs-lib.

1) An exchange creates a wallet per user ? Or does it have a single wallet which makes all transactions ?

I don't work at an exchange. However, I can safely tell you that any exchange will not attempt to make a wallet for every user. The sheer amount of resources required will make in unfeasible.

2) If the exchange keeps a wallet per user, how can it protect the user's private key in case  of unauthorised access in database ? Crypt and decrypt it with user's password is an option, but it implies in ask for password every transaction.

Regards,

If there is an unauthorised access to the server, the password would probably be captured anyways. In most cases, the funds are sent from a hot wallet that can be refilled from a cold wallet.

[italianMiner72]

Hello,

I and a friend are trying to develop an exchange, at last to learn how it works.
At moment, we are using bitcoinjs-lib.

1) An exchange creates a wallet per user ? Or does it have a single wallet which makes all transactions ?
2) If the exchange keeps a wallet per user, how can it protect the user's private key in case  of unauthorised access in database ? Crypt and decrypt it with user's password is an option, but it implies in ask for password every transaction.

Regards,

A singular wallet can collect all the addresses do you need...
but i think, who Exchange, have hot and cold wallets to protect users funds...
Sure, not one for each users

[TechPriest]

Hello,

I and a friend are trying to develop an exchange, at last to learn how it works.
At moment, we are using bitcoinjs-lib.

1) An exchange creates a wallet per user ? Or does it have a single wallet which makes all transactions ?
2) If the exchange keeps a wallet per user, how can it protect the user's private key in case  of unauthorised access in database ? Crypt and decrypt it with user's password is an option, but it implies in ask for password every transaction.

Regards,

1). No, exchanger has cold wallet and hot wallet. BUT. This wallets can hold many pairs "address-private key". Exchange creates many addresses (for every deposit transaction). But this addresses locates in cold wallet. Exchange give to you only voucher and in fact you don't own your money.

[NeuroticFish]

Hello,

I and a friend are trying to develop an exchange, at last to learn how it works.
At moment, we are using bitcoinjs-lib.

1) An exchange creates a wallet per user ? Or does it have a single wallet which makes all transactions ?
2) If the exchange keeps a wallet per user, how can it protect the user's private key in case  of unauthorised access in database ? Crypt and decrypt it with user's password is an option, but it implies in ask for password every transaction.

Regards,

From what I've seen as user, I think that (for BTC-like coins) they have one wallet they check for each and every user one address (per user) for inputs only.
As user you have one address to send your funds to. After your funds get one confirmation there's a big chance your funds are sent away (used as inputs for others' withdrawals). If you withdraw, your inputs will most likely not be from the one address where you sent the money to. Also this makes it easier to use cold storage as needed.

There's no such thing as user's private key in such online services. All private keys are the exchange's and they are used accordingly. And if a breach happens, we better pray that most of the funds are protected in cold storage.

[TechPriest]

From what I've seen as user, I think that (for BTC-like coins) they have one wallet they check for each and every user one address (per user) for inputs only.

Nah, you can deposit to different addresses. When you click to "generate address" it generates address and attach to your account name (i think exchange keeps this information in SQL database). But only for one deposit operation (it can depends through exchange).

[NeuroticFish]

From what I've seen as user, I think that (for BTC-like coins) they have one wallet they check for each and every user one address (per user) for inputs only.

Nah, you can deposit to different addresses. When you click to "generate address" it generates address and attach to your account name (i think exchange keeps this information in SQL database). But only for one deposit operation (it can depends through exchange).

Yes, I guess it keeps one address per user in the DB and you can create a new one if you want to (at some exchanges) replacing the old address in the DB.
It's still one address per user in every moment.