Bitcoin Forum
Author Topic: Keeping Exchanges Secure  (Read 73 times)
c_atlas
Jr. Member
Activity: 40
Merit: 5
February 05, 2019, 11:18:31 PM
#1

inb4 someone says not your keys not your bitcoin; we know.

Unfortunately, if you want to exchange your digital currency in a reasonable amount of time you'll have to put your crypto on a centralized exchange (for now), so my question is this: As of today, what's the most secure way for exchanges to keep your crypto safe while ensuring that it's always accessible when it needs to be withdrawn? I find it shocking that Cryptopia and QuadrigaCX went under just weeks apart due to poor handling of private keys. Is there no industry standard? MultiSig cold storage addresses? Can't people write distributed smart contracts that work with their internal APIs to control the transfer of funds?

If someone were to start a new exchange today, what are the steps they should take to ensure their private keys are as secure as can be?
cissrawk
Sr. Member
Activity: 770
Merit: 371
February 06, 2019, 12:20:23 AM
#2

Using a top exchange is one option; an example is Binance. Or just do an instant exchange and withdraw it ASAP.

Quote from: c_atlas
> If someone were to start a new exchange today, what are the steps they should take to ensure their private keys are as secure as can be?

I can only think about increasing their security. Also, they can give a bounty or reward to people who can hack or find a hole in their site, and reward them before releasing the site officially.

c_atlas
Jr. Member
Activity: 40
Merit: 5
February 06, 2019, 01:07:23 AM
#3

Quote from: cissrawk
> Using a top exchange is one option; an example is Binance. Or just do an instant exchange and withdraw it ASAP.
>
> Quote from: c_atlas
> > If someone were to start a new exchange today, what are the steps they should take to ensure their private keys are as secure as can be?

I'm asking about what exchanges do/can do to ensure the integrity of the storage and access to their private keys, not what we as individuals can do if we have to use an exchange.

Quote from: cissrawk
> I can only think about increasing their security. Also, they can give a bounty or reward to people who can hack or find a hole in their site, and reward them before releasing the site officially.

Still not related to their private keys; this relates more to the security of their webapp. Sure, you could hack an exchange's site, but just because their website is compromised doesn't mean their private keys are.
freedomno1
Legendary
Activity: 1582
Merit: 1036
February 06, 2019, 01:45:18 AM
Last edit: February 06, 2019, 02:32:26 AM by freedomno1
Merited by c_atlas (1)
#4

Quote from: c_atlas
> If someone were to start a new exchange today, what are the steps they should take to ensure their private keys are as secure as can be?

Public Cold Storage Address and Proof Of Keys is the minimum.
E.G: Poloniex Old Cold Storage Address https://www.blockchain.com/btc/address/17irB8xLxhVRerCoUyypnmpoak3QBpVp2z
Moved into Multi-Sigs
https://bitcointalk.org/index.php?topic=1432482.0
https://www.blockchain.com/btc/address/39TDhgfAg4oRXo1TLfEb5yZBN45hBKVYja
With a test now and then

Or Listed on a service
https://bitinfocharts.com/top-100-richest-bitcoin-addresses.html

| # | Address | Multisig | Wallet | Balance | % of coins | First in | Last in | Ins | First out | Last out | Outs |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 3D2oetdNuZUqQHPJmcMDDHYoqkyNVsFk9r | 3-of-6 | Bitfinex-coldwallet | 138,661 BTC ($471,705,994 USD) | 0.7914% | 2017-01-05 05:34:15 | 2019-02-04 09:24:55 | 5609 | 2017-01-06 03:29:06 | 2018-10-22 07:45:07 | 4541 |
| 2 | 385cR5DM96n1HvBDMzLHPYcw89fZAXULJP | | Bittrex-coldwallet | 130,005 BTC ($442,259,707 USD) | 0.7420% | 2018-12-20 18:16:25 | 2019-02-03 12:40:50 | 9 | 2019-01-09 15:58:55 | 2019-01-09 15:58:55 | 1 |
| 3 | 3Nxwenay9Z8Lc9JBiywExpnEFiLp6Afp8v | 3-of-5 | Bitstamp-coldwallet | 108,848 BTC ($370,287,511 USD) / +8000 BTC | 0.6212% | 2015-10-16 08:43:06 | 2019-02-04 09:42:42 | 226 | 2015-10-29 04:44:26 | 2019-01-03 05:57:01 | 61 |
| 4 | 3Cbq7aT1tY8kMxWLbitaG7yT6bPbKChq64 | 3-of-5 | Huobi-wallet | 108,135 BTC ($367,859,839 USD) | 0.6172% | 2017-09-08 10:41:05 | 2019-02-04 13:39:02 | 230 | 2017-09-09 05:18:35 | 2018-04-25 01:53:53 | 9 |
| 5 | 3AweAnU1qYSUCJ5Hvy9DFEB7dVqUebZw5i | | Binance-coldwallet | 107,432 BTC ($365,469,601 USD) / +107432 BTC | 0.6131% | 2019-01-14 19:19:40 | 2019-02-03 12:40:50 | 6 | | | |

The next step is proof of ability to move funds on occasion, or a signed message, and a few people holding the keys, for example in a 3-of-5:
5 people each hold 1 key (if 1 dies, we still have 4/5).
Otherwise we could end up with another Quadriga situation ...

Rating Wise
https://icorating.com/exchanges/centralized/

As an indicator
Quadriga was a B
Cryptopia was a B

Poloniex is an A-
Binance is a B+

Only A+ is Kraken
Not even Coinbase got A+
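
The 3-of-5 arrangement described in the post above, as an added example that is not part of the original thread: spending from a P2SH address reveals its redeem script, which is where labels such as "3-of-5" come from, so this sketch parses one and checks how many keyholders can be lost before the funds are stuck. The holder names and key bytes are constructed placeholders, and `parse_multisig`, `can_spend` and `build_script` are hypothetical helper names.

```python
# Added example (not from the thread): read the m-of-n policy out of a
# multisig redeem script, then check whether losing keyholders locks the funds.
OP_1, OP_16, OP_CHECKMULTISIG = 0x51, 0x60, 0xAE

def parse_multisig(script: bytes):
    """Return (m, pubkeys) for OP_m <pubkey>... OP_n OP_CHECKMULTISIG."""
    if len(script) < 4 or script[-1] != OP_CHECKMULTISIG:
        raise ValueError("not a CHECKMULTISIG script")
    if not (OP_1 <= script[0] <= OP_16 and OP_1 <= script[-2] <= OP_16):
        raise ValueError("m or n is not OP_1..OP_16")
    m, n = script[0] - 0x50, script[-2] - 0x50
    keys, i, end = [], 1, len(script) - 2
    while i < end:
        size = script[i]                      # direct push: length of next item
        if size not in (33, 65) or i + 1 + size > end:
            raise ValueError("expected a 33- or 65-byte public key push")
        key = script[i + 1:i + 1 + size]
        if key[0] not in ((2, 3) if size == 33 else (4,)):
            raise ValueError("bad public key prefix")
        keys.append(key)
        i += 1 + size
    if len(keys) != n or m > n:
        raise ValueError("key count does not match n, or m exceeds n")
    return m, keys

def can_spend(m, holders, unavailable):
    """True if the keyholders still reachable can meet the m-signature threshold."""
    return len(set(holders) - set(unavailable)) >= m

def build_script(m, pubkeys):
    """Assemble a redeem script; used here only to create the sample input."""
    pushes = b"".join(bytes([len(p)]) + p for p in pubkeys)
    return bytes([0x50 + m]) + pushes + bytes([0x50 + len(pubkeys), OP_CHECKMULTISIG])

# Constructed sample data: placeholder byte strings shaped like compressed keys.
HOLDERS = ["alice", "bob", "carol", "dave", "erin"]
SAMPLE_KEYS = [bytes([2]) + bytes([i]) * 32 for i in range(1, 6)]
SAMPLE_SCRIPT = build_script(3, SAMPLE_KEYS)

if __name__ == "__main__":
    m, keys = parse_multisig(SAMPLE_SCRIPT)
    print(f"policy: {m}-of-{len(keys)}")
    print("one holder lost:", can_spend(m, HOLDERS, {"alice"}))
    print("three holders lost:", can_spend(m, HOLDERS, {"alice", "bob", "carol"}))
    print("1-of-1, sole holder lost:", can_spend(1, ["founder"], {"founder"}))
```

The script shows the threshold the chain enforces; it does not show whether the keys are actually held by different people.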
squatter
Hero Member
Activity: 1036
Merit: 710
February 06, 2019, 08:00:45 AM
#5

Quote from: c_atlas
> Unfortunately, if you want to exchange your digital currency in a reasonable amount of time you'll have to put your crypto on a centralized exchange (for now)

DEX platforms definitely don't have the liquidity of centralized exchanges, but they're perfectly fine for smaller, casual traders. If you're trading less than 20-30 ETH worth of Ethereum assets, using a DEX is the way to go.

Quote from: c_atlas
> As of today, what's the most secure way for exchanges to keep your crypto safe while ensuring that it's always accessible when it needs to be withdrawn? I find it shocking that Cryptopia and QuadrigaCX went under just weeks apart due to poor handling of private keys.

Sadly, it doesn't surprise me at all. There's something about cryptocurrency -- the speed with which irreversible payments can be made -- that makes it especially prone to these events.

Quote from: c_atlas
> Is there no industry standard? MultiSig cold storage addresses?

QuadrigaCX stated they used multi-sig and cold storage. That's another problem with centralized exchanges. We take them at their word, but they often lie to our faces.

Quote from: c_atlas
> Can't people write distributed smart contracts that work with their internal APIs to control the transfer of funds?

Doesn't that require keeping private keys online? Cold storage needs to be a central requirement.

NeuroticFish
Legendary
Activity: 1764
Merit: 1141
February 06, 2019, 02:51:27 PM
#6

Quote from: c_atlas
> while ensuring that it's always accessible when it needs to be withdrawn

Heh, you ask too much.

The solution, as the others have written, is multisig cold storage. Cold storage will contain a big part of the funds, but not all of them.
What's in cold storage may need more time to get accessed, and it's seldom accessed for withdrawals. But no problem, this is for safety.
A smaller amount is in hot wallets, and that's used for withdrawals.

So "always accessible" is not a good request, and it's not met. If more whales want to withdraw, a delay will clearly happen.

Dina1976
Newbie
Activity: 44
Merit: 0
February 07, 2019, 11:34:25 AM
#7

What if I tell you guys that I found a really interesting exchange with a nice blog
daNany
Newbie
Activity: 19
Merit: 0
February 07, 2019, 11:35:58 AM
#8

Quote from: Dina1976
> What if I tell you guys that I found a really interesting exchange with a nice blog

My goodness, so unexpected *sarcasm*
Dina1976
Newbie
Activity: 44
Merit: 0
February 07, 2019, 11:36:58 AM
#9

Quote from: daNany
> Quote from: Dina1976
> > What if I tell you guys that I found a really interesting exchange with a nice blog
>
> My goodness, so unexpected *sarcasm*

You may laugh now, but you will definitely like it: https://medium.com/velvet-exchange. Don’t THANK ME
Bitze
Legendary
Activity: 1246
Merit: 1013
February 08, 2019, 08:35:40 AM
#10

Quote from: NeuroticFish
> Quote from: c_atlas
> > while ensuring that it's always accessible when it needs to be withdrawn
>
> Heh, you ask too much.
>
> The solution, as the others have written, is multisig cold storage. Cold storage will contain a big part of the funds, but not all of them.
> What's in cold storage may need more time to get accessed, and it's seldom accessed for withdrawals. But no problem, this is for safety.
> A smaller amount is in hot wallets, and that's used for withdrawals.
>
> So "always accessible" is not a good request, and it's not met. If more whales want to withdraw, a delay will clearly happen.

This is probably the best solution there is at the moment. It is important to distribute the info and access rights combined to several people. A lot of money is tempting after all (Roll Eyes)

Potato Chips
Sr. Member
Activity: 854
Merit: 365
February 08, 2019, 02:59:10 PM
#11

Quote from: squatter
> That's another problem with centralized exchanges. We take them at their word, but they often lie to our faces.

Bottom line right here ^

Exchanges will claim this and that, but there's no way for us to confirm it, and they don't either. If someone were to start a new exchange today, maybe they could work on that, too?
