In light of the recent Mt.Gox debacle, I'm looking for some help in coming up with some sort of Standards Framework which exchanges should follow in order to minimise the potential for hacks, dodgy accounting, etc so that users of the exchanges compliant with the framework can feel safer trading bitcoins or other cryptos.
Lets start with listing some safe and unsafe features:
[Safe Features]
- Operating in a politically stable and crypto friendly jurisdiction
- KYC/AML adherence
- Dedicated hardware
- DDoS resistant
- Minimal alteration of Bitcoin Core, alterations independently reviewed
- Regular software audits and performance review
- Cold storage, manual access only
- Hot wallet size algorithmically determined by standard deviations of withdraws
- 100% reserve
- Regular financial statements, fiat + crypto
- 2 factor authentication
- Separation between read-only and execution APIs (
https://bitcointalk.org/index.php?topic=556810.msg6065434#msg6065434)
- Separation between trade and wallet APIs
- Exchange transactions all performed on chain (operationally possible?)
[Unsafe Features]
- ?
For clarity I'll add/remove features here later depending on census. Let's self regulate.