While using a USB stick to move info back and forth might be suitable for an individual miner, it is not feasible in an exchange environment where several withdrawals are possible. So what is an ideal design for an exchange environment?
The cold wallet is supposed to be reserve funds.
Cold Wallet
- funds can be deposited automatically
- funds can be monitored via watching wallets
- withdrawal is difficult
Hot Wallet
- all wallet operations are automatic
The idea is that you get a notification if the Hot Wallet is running low on funds. Funds can then be transferred to the Hot Wallet in a single transaction from the Cold Wallet.
When a client withdraws money, it is from the Hot Wallet.
In an exchange, there is something like a "float" that varies daily. If the total funds stored on the exchange went up and down by 10%, then you only need to store 10% in the hot wallet.
You could have an intermediate level (warm wallet?) that has less security than the cold wallet but more than the hot wallet. For example, transfers might be automatic, but need to be signed by 3 of 3 separate servers.
I believe other controls (not tech-based) around this process are also needed. I'm not an accountant, but I'm thinking:
- Regular cash/BTC recons. Is the amount of BTC/cash held now equal to the previous balance +/- transactions made?
- Customer balance recons.
- Cold-to-hot transfers can only occur if a proper recon has been done. Is the cold as big as it should be? Has the hot reduced to a low level for valid reasons? Need sign-offs on this, with the cold-to-hot transaction only occurring if audits/recons are in place.
This is to stop one blindly refilling an empty hot wallet from the cold. If you have a recon, you can be sure the hot needs refilling for the right reasons.
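Putting the two answers together (the float sizing and low-balance notification in the first answer, and the recon-gated cold-to-hot transfer in the last one), here is an added Python example; it is not code from the original thread or from any exchange. It assumes integer balances in satoshi, a hypothetical in-house ledger of transactions the exchange authorised, a 50% low-water mark on the hot float and a two-sign-off rule for refills; the 1000 BTC scenario, customer balances and withdrawals are constructed for illustration.

```python
# Added example (not from the original thread): a hot/cold wallet controller that
# sizes the hot float, raises a low-balance alert, and only permits the single
# cold->hot refill once the reconciliations pass and enough sign-offs exist.
# All amounts are integers in satoshi. Thresholds and scenario data are hypothetical.
from dataclasses import dataclass, field

SATS = 100_000_000  # satoshi per BTC


@dataclass
class Wallet:
    name: str
    balance: int                                   # balance per the exchange's own ledger
    opening: int = field(init=False)               # balance at the start of the recon period
    ledger: list = field(default_factory=list)     # +deposits / -withdrawals this period

    def __post_init__(self):
        self.opening = self.balance

    def apply(self, delta: int) -> None:
        """Record a transaction the exchange authorised and adjust the ledger balance."""
        self.ledger.append(delta)
        self.balance += delta


def hot_float_target(total_funds: int, daily_swing_pct: int) -> int:
    """If total funds move up and down by e.g. 10% a day, keep about 10% in the hot wallet."""
    return total_funds * daily_swing_pct // 100


def needs_refill(hot: Wallet, target: int, low_water_pct: int = 50) -> bool:
    """Notification trigger: hot wallet has fallen below a fraction of its float target."""
    return hot.balance < target * low_water_pct // 100


def cash_recon(wallet: Wallet, observed_balance: int) -> bool:
    """Regular cash/BTC recon: opening balance +/- recorded transactions == what is held on-chain."""
    return wallet.opening + sum(wallet.ledger) == observed_balance


def customer_recon(customer_balances: dict, hot: Wallet, cold: Wallet) -> bool:
    """Customer balance recon: what is owed to customers must be covered by hot + cold."""
    return sum(customer_balances.values()) <= hot.balance + cold.balance


def plan_refill(hot: Wallet, cold: Wallet, target: int,
                recons_ok: bool, approvals: int, required_approvals: int = 2) -> int:
    """Amount of the single cold->hot transaction, or 0 if the transfer is not permitted.

    Gated on the recons and on sign-offs so an empty hot wallet is never blindly
    topped up from reserves. Signing the transaction itself happens out of band.
    """
    if not recons_ok or approvals < required_approvals:
        return 0
    amount = target - hot.balance
    if amount <= 0 or amount > cold.balance:
        return 0
    return amount


def run_day(withdrawals_btc, observed_hot_btc, approvals):
    """Constructed scenario: 1000 BTC on the exchange, 10% daily float, one day's
    withdrawals, then the observed on-chain hot balance and N sign-offs.
    Returns the check results and the refill amount (satoshi) that would be planned."""
    total = 1000 * SATS
    target = hot_float_target(total, 10)           # 100 BTC
    hot = Wallet("hot", target)
    cold = Wallet("cold", total - target)           # 900 BTC in reserve
    customers = {"alice": 400 * SATS, "bob": 350 * SATS, "carol": 250 * SATS}
    for customer, btc in withdrawals_btc:           # every withdrawal comes out of the hot wallet
        hot.apply(-btc * SATS)
        customers[customer] -= btc * SATS
    low = needs_refill(hot, target)
    cash_ok = cash_recon(hot, int(observed_hot_btc * SATS))
    cust_ok = customer_recon(customers, hot, cold)
    refill = plan_refill(hot, cold, target, cash_ok and cust_ok, approvals) if low else 0
    return {"target": target, "low": low, "cash_recon_ok": cash_ok,
            "customer_recon_ok": cust_ok, "refill": refill}


if __name__ == "__main__":
    print(run_day([("alice", 25), ("bob", 35)], 40, 2))   # recons pass: refill 60 BTC
    print(run_day([("alice", 25), ("bob", 35)], 35, 2))   # 5 BTC unexplained: refill blocked
```

The second call is the case the last answer is worried about: the hot wallet is low, but the on-chain balance does not match opening balance plus recorded transactions, so the refill is refused until someone explains the 5 BTC gap rather than silently draining reserves into it.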