
For a long time, "exchange" has been one of the hottest tracks in the crypto world. Much like the "war of a thousand sites" of the group-buying era, the last bull market produced tens of thousands of exchanges in one go. Even today, new exchanges are launched every day, and old exchanges shut down every day.
Although different exchanges have different business focuses, they all run into the same critical pain point: the exchange wallet. Since the Bitpie wallet team started working in this industry, we have fielded inquiries about exchange wallets from many exchanges.
This article collects some of that material and walks through the common questions that come up when designing an exchange wallet solution; we hope it helps.
Question 1: Should an exchange wallet use a third-party custody service?
Our answer to this question is:
Consider carefully, based on your own situation, whether to use a custody service.
Recently "custody" has become a buzzword in the crypto world and is regarded as a very promising track. We do not want to argue here about whether the custody track is valuable; we only want to explain why you should think carefully before handing your wallets to a third-party custodian. On the surface it seems you do not have to do anything: you manage all your wallets through the custodian's API. Is this approach really that good?
1. First, third-party custody services are not as "safe" as people assume:
Security depends on the wallet system's own mechanisms and on the security controls at the server and network level. BitGo, the best-known custody provider today, was the custodian in the 2016 incident in which roughly 120,000 bitcoins were stolen from Bitfinex. In that incident BitGo's own servers were not breached; the attacker breached Bitfinex's servers and then simply called BitGo's API to move the coins out. Any exchange planning to use a third-party custodian should ask: if my servers are compromised, can the attacker steal the coins just by calling the custodian's API with my credentials?
Using a third-party custodian does not add security. If an attacker compromises your servers, your coins can be lost; if an attacker compromises the custodian's servers, your coins can still be lost; and if the custodian's API access path or your API key for that service is stolen, your coins can be lost as well. In other words, a single-point risk has been turned into a multi-point risk, and a compromise at any one of those points is enough. Before the custody arrangement, Bitfinex kept most of its coins in cold wallets: when its hot wallet was hacked earlier, over 1,000 bitcoins were stolen, but the coins in cold storage were untouched. After switching to the BitGo custody model, almost all of the coins were lost at once. The lesson is the same.
There is also a moral hazard that grows along with the security perimeter. Staying with the Bitfinex and BitGo example: Bitfinex is highly profitable and can, to a degree, absorb the cost of a theft, so it can bear that risk to a considerable extent (the same holds for the recent Binance theft), whereas BitGo is a company with weak profits. A company with little money is holding all the user assets of a much richer company and bearing the corresponding moral hazard. Is that really reliable?
2. The second reason to think carefully about custody services is efficiency:
Every exchange today is working hard to get into the top tier. In such a crowded field (think of 10,000 exchanges and you will understand), reaching the top requires higher efficiency, and the most important link for an exchange, listing new coins, places extremely high demands on the team's efficiency. An exchange that is first to list a new, popular blockchain asset can seize the opportunity and attract a large number of users to trade, which is exactly why other exchanges fight for it.
Seen this way, the listing efficiency of an exchange that uses a third-party custodian depends entirely on the custodian's listing efficiency. BitGo did not support Ethereum for a long time; if your exchange had used BitGo, you would have had to accept being an exchange that could not support Ethereum trading for a long time.
The same applies to the public chains that were popular recently, such as Algorand, Cosmos, Nervos and Cocos: if the custodian does not support them, is your exchange simply not going to support them?
Even with a custodian that keeps adding new public chains, the chain you want to list next may not be the one the custodian wants to support first; there is a high likelihood that the two sides will disagree on priorities. So, from an efficiency standpoint as well, your exchange should think hard before relying on a third-party custody service.
3. An exchange also has to consider cost when choosing a custody service:
Third-party custodians usually charge service fees by volume, whether assets under custody or transaction flow. For a new exchange the initial volume is small, so custody looks cheaper than building a wallet service yourself. But honestly, did you open an exchange intending to stay small forever? As your volume grows, so do those fees.
Even exchanges that are not in the top tier today should design their own wallet solution to manage coins, because only a cost structure that scales will let you go further.
In short, third-party custody is not necessarily a good fit for an exchange's wallet model. Custody may suit other scenarios better, but for an exchange, whether on security, efficiency or cost, you should think carefully before using it. Even if you do eventually decide to use a third-party custodian, remember to use it only as a substitute for the exchange's hot wallet; cold wallets should still be managed separately, by you.
Question 2: How should an exchange's hot wallet system be designed?
We are asked this often, and over the years we have built many different solutions in this area (the enterprise edition of Bither wallet back in the day, the chaincloud.com blockchain cloud service later, and the in-wallet exchange and the bank-style deposit and withdrawal module we built into Bitpie). After all that practice, the answer I can give is very simple: build the exchange's hot wallet system on the official full-node wallet of each public chain!
For example, use bitcoin-core for Bitcoin and geth or parity for Ethereum. Do not overthink it: this is the lowest-cost, highest-efficiency option, bar none.
First, whenever a public chain launches its mainnet or upgrades later, the official full node is always the first thing that works, because every change is made there, and a public chain only exists in practice once its full node runs. If you want to support a new public chain as early as possible, the official full node is therefore the natural first choice for your hot wallet.
Second, today's full nodes usually expose fairly complete RPC interfaces, so your exchange's deposit and withdrawal module can perform address generation, balance queries, transaction monitoring and similar operations by calling the full node's RPC. Development cost is correspondingly lower.
Since the official full-node wallets are hot wallets, use them only for the hot wallet module that serves day-to-day deposits and withdrawals, and regularly sweep anything above the operating float into cold wallets to keep it safe.
In addition, harden the hosts and the network around the hot wallet system, and put proper attack and defence measures in place to keep the wallet system secure. Even though the hot wallet holds a limited amount, its coins should be protected as well as possible and not be lost either.
Unless your exchange has surplus R&D resources like a few of the major exchanges, there is no need to develop your own hot wallet framework. That work is a bottomless pit: even a world-class wallet R&D team like Bitpie's has to invest enormous effort just to keep up with public chain support, and building a wallet system yourself is not something that gets done by saying it will. If you have to do it, concentrate on the hot wallet systems for the major currencies (BTC, ETH, USDT and so on). For the other public chains, use the official full-node wallet for the exchange hot wallet, because for an exchange, being able to support a new chain from day one matters a great deal.
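As an added example (not Bitpie's code, and not tied to any particular exchange), here is what the deposit side of such a full-node-backed hot wallet module looks like in Python: it takes the output of bitcoin-core's `listsinceblock` RPC (the sample payload below is constructed by hand in that shape; no node is contacted), credits confirmed deposits exactly once, reports still-pending ones, claws back deposits the node now reports as conflicted or reorged out, and decides how much of the hot balance to sweep to cold storage. The confirmation threshold, operating float and minimum sweep size are illustrative assumptions, not values the article prescribes.

```python
# Added example (not Bitpie's code): turning the output of a full node's
# deposit-listing RPC into account credits, and deciding when to sweep the hot
# wallet into cold storage. The payload below is constructed by hand in the shape
# bitcoin-core's `listsinceblock <blockhash> <target_confirmations> false true`
# returns (the trailing `true` adds the "removed" list); no node is contacted.
# Policy values (MIN_CONFIRMATIONS, float and sweep sizes) are assumptions.
from decimal import Decimal
from typing import Dict, Set

MIN_CONFIRMATIONS = 6  # assumption: credit BTC deposits after 6 blocks


def _key(tx: dict) -> str:
    """Deposits are identified by output, not by txid alone: one tx can pay several addresses."""
    return f'{tx["txid"]}:{tx["vout"]}'


def process_listsinceblock(result: dict, credited: Set[str],
                           min_conf: int = MIN_CONFIRMATIONS) -> Dict[str, object]:
    """Split one listsinceblock result into new credits, pending deposits and reversals.

    `credited` holds the "txid:vout" outputs already credited to user accounts and is
    updated in place, so polling the same block range repeatedly never credits twice.
    Amounts go through str() into Decimal; in production decode the JSON-RPC response
    with parse_float=Decimal so that float never touches a balance.
    """
    credits, pending, reversed_ = [], [], []
    confirmed_now = set()
    for tx in result.get("transactions", []):
        if tx.get("category") != "receive":
            continue  # "send" entries are our own withdrawals and change, not deposits
        key, amount, conf = _key(tx), Decimal(str(tx["amount"])), int(tx["confirmations"])
        if conf < 0:
            # the node marked the transaction as conflicted (double-spent); if it had
            # already been credited, the balance must be clawed back
            if key in credited:
                credited.discard(key)
                reversed_.append(key)
            continue
        if conf >= min_conf:
            confirmed_now.add(key)
            if key not in credited:
                credited.add(key)
                credits.append((key, tx["address"], amount))
        else:
            pending.append((key, amount, conf))
    for tx in result.get("removed", []):
        # outputs from blocks disconnected by a reorg; a reorged tx normally reappears in
        # "transactions" once re-mined, so only reverse what is no longer confirmed
        if tx.get("category") == "receive":
            key = _key(tx)
            if key in credited and key not in confirmed_now:
                credited.discard(key)
                reversed_.append(key)
    # persist `lastblock` and pass it as the blockhash argument on the next poll
    return {"credits": credits, "pending": pending, "reversed": reversed_,
            "lastblock": result.get("lastblock")}


def sweep_amount(hot_balance, operating_float, min_sweep) -> Decimal:
    """Amount to move from hot to cold: everything above the operating float, but only
    when the excess is worth a transaction (at least min_sweep); otherwise 0."""
    excess = Decimal(str(hot_balance)) - Decimal(str(operating_float))
    return excess if excess >= Decimal(str(min_sweep)) else Decimal("0")


# Constructed sample in listsinceblock shape; txids and addresses are placeholders.
SAMPLE_RESULT = {
    "transactions": [
        {"category": "receive", "address": "bc1q-user-a", "amount": 0.5,
         "confirmations": 12, "txid": "aa" * 32, "vout": 0},
        {"category": "receive", "address": "bc1q-user-b", "amount": 0.25,
         "confirmations": 2, "txid": "bb" * 32, "vout": 1},
        {"category": "send", "address": "bc1q-withdrawal", "amount": -0.1,
         "confirmations": 3, "txid": "cc" * 32, "vout": 0},
        {"category": "receive", "address": "bc1q-user-d", "amount": 1.0,
         "confirmations": -1, "txid": "dd" * 32, "vout": 0},
        {"category": "receive", "address": "bc1q-user-e", "amount": 0.75,
         "confirmations": 8, "txid": "ee" * 32, "vout": 0},
    ],
    "removed": [
        {"category": "receive", "address": "bc1q-user-f", "amount": 0.3,
         "confirmations": 1, "txid": "ff" * 32, "vout": 0},
    ],
    "lastblock": "00" * 32,
}


def run_sample() -> Dict[str, object]:
    # state from earlier polls: e already credited (must not be credited again),
    # d and f credited but now conflicted / reorged out (must be reversed)
    credited = {"ee" * 32 + ":0", "dd" * 32 + ":0", "ff" * 32 + ":0"}
    return process_listsinceblock(SAMPLE_RESULT, credited)


if __name__ == "__main__":
    out = run_sample()
    print("credit:", out["credits"])
    print("pending:", out["pending"])
    print("reverse:", out["reversed"])
    print("sweep:", sweep_amount("30.0", "10", "1"))
```

The two things the paragraph above does not spell out and that this code has to get right are idempotence (the `credited` set keyed by output, so a crash and re-poll never double-credits a user) and reversals (negative confirmations and the `removed` list, so a double-spend or reorg does not leave a credited balance with no coins behind it). The same structure applies to other chains' RPCs; only the field names change.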
Question 3: How should an exchange plan its cold wallet?
If the hot wallet can be built on each public chain's full-node wallet, how should an exchange keep large amounts of blockchain assets safely in cold storage?
The answer is simple: use a secure, reliable hardware cold wallet to store large holdings. One special note: even if your exchange does use a third-party custodian, you should still regularly move large holdings into your own hardware cold wallet, both for security and because the custodian's moral hazard is something you also have to assess.
On choosing a hardware cold wallet we have written a dedicated article, "Several Key Points for Correctly Choosing a Hardware Wallet"; the principles come down to: open source, continuous iteration, a built-in screen, a sound security architecture, and a good security track record and reputation.
Measured against these points, Trezor, Ledger and the BITHD.com Bitshield and Blade hardware wallets developed by our team meet the requirements well, whereas many of the new hardware wallet teams that appeared during the last bull market fail even the "open source" requirement. A beginner might pick at random; for an exchange, choosing the wrong one would be inappropriate and unprofessional.
Compared with Trezor and Ledger, BITHD has clear advantages in product features and user experience and is well ahead in coin support and multi-signature functionality, so exchanges can give priority to Bitshield or Blade as their cold wallet solution.
What about public chains that none of BITHD, Trezor or Ledger supports? Even though we work hard to make BITHD support as many public chains as possible, supporting every one of them is difficult. How should an exchange keep those in cold storage?
Here we recommend dedicated computers: store large holdings of chains that currently have no hardware wallet support on a machine used for nothing else, and keep it powered off when not in use. This is not perfect, but it is the most reasonable option available at present.
When backing up private keys and mnemonic phrases, we recommend a steel mnemonic plate such as Ice Armor to withstand floods, fires and other contingencies. That gives a higher grade of safety than a paper backup.
Question 4: How does an exchange's cold wallet management avoid the risk of a single individual controlling assets?
A single point of failure (the risk of assets being controlled by one person) is something every exchange must consider. Here we strongly recommend that the exchange use multi-signature, correctly applied. The specific principles are:
1. Before relying on a multi-signature feature, make sure the open-source cold wallet (open-source hardware wallet) you use actually implements real multi-signature, not just something labelled as such;
2. Design the multi-signature scheme sensibly according to the internal asset management plan; for example, 2-of-3 and 3-of-5 are good schemes;
3. Do not underestimate the single point of failure (single-person risk);
4. Do not underestimate the moral hazard of a single individual. In our six years of wallet development we have seen many cases of insiders and acquaintances stealing coins, far more than people imagine.
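As an added example of what points 1 and 2 mean in practice (this is not Bitpie's or BITHD's code), the block below builds a Bitcoin m-of-n multi-signature witness script and its native-segwit (P2WSH) address in pure Python. An exchange can use exactly this to recompute the cold-wallet address its hardware wallets display and confirm that the threshold is really m and that all n keys are in the script, which is the concrete test of whether a wallet's "multi-signature" is real on-chain multi-signature. The three public keys are the secp256k1 points for private keys 1, 2 and 3, well-known test keys that must never be funded; the bech32 helpers follow the BIP173 reference implementation.

```python
# Added example (not Bitpie's or BITHD's code): build an m-of-n Bitcoin multisig
# witness script and its native-segwit (P2WSH) address in pure Python, so an
# exchange can recompute the cold-wallet address its hardware wallets display
# and confirm that all n keys, and the right threshold, are really in it.
# The three public keys are the secp256k1 points for private keys 1, 2 and 3:
# well-known test keys, never to be funded.
import hashlib

OP_CHECKMULTISIG = 0xAE
BECH32_CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"

TEST_PUBKEYS = [bytes.fromhex(h) for h in (
    "0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798",  # 1*G
    "02c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee5",  # 2*G
    "02f9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f9",  # 3*G
)]


def multisig_witness_script(m: int, pubkeys) -> bytes:
    """OP_m <pk_1> ... <pk_n> OP_n OP_CHECKMULTISIG with keys in BIP67 (lexicographic)
    order, so every cosigner derives the same script whatever order the keys arrive in."""
    n = len(pubkeys)
    if not 1 <= m <= n <= 16:  # OP_1..OP_16 are the single-byte opcodes 0x51..0x60
        raise ValueError("need 1 <= m <= n <= 16")
    if any(len(pk) != 33 or pk[0] not in (2, 3) for pk in pubkeys):
        raise ValueError("compressed 33-byte public keys only")
    if len(set(pubkeys)) != n:
        raise ValueError("duplicate public key: quorum would be weaker than m-of-n")
    script = bytes([0x50 + m])
    for pk in sorted(pubkeys):
        script += bytes([len(pk)]) + pk  # direct push of 33 bytes
    return script + bytes([0x50 + n, OP_CHECKMULTISIG])


# bech32 helpers, following the BIP173 reference implementation
def _bech32_polymod(values):
    gen = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            chk ^= gen[i] if (top >> i) & 1 else 0
    return chk


def _bech32_hrp_expand(hrp: str):
    return [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]


def _convertbits(data: bytes, frombits: int, tobits: int):
    """Regroup 8-bit bytes into 5-bit symbols, zero-padding the final group."""
    acc, bits, out = 0, 0, []
    maxv = (1 << tobits) - 1
    for value in data:
        acc = (acc << frombits) | value
        bits += frombits
        while bits >= tobits:
            bits -= tobits
            out.append((acc >> bits) & maxv)
    if bits:
        out.append((acc << (tobits - bits)) & maxv)
    return out


def segwit_v0_address(hrp: str, program: bytes) -> str:
    """Version-0 segwit address (bech32, checksum constant 1): P2WPKH for 20-byte
    programs, P2WSH for 32-byte ones. Version 1+ would need bech32m, not handled here."""
    if len(program) not in (20, 32):
        raise ValueError("v0 witness program must be 20 or 32 bytes")
    data = [0] + _convertbits(program, 8, 5)
    polymod = _bech32_polymod(_bech32_hrp_expand(hrp) + data + [0] * 6) ^ 1
    checksum = [(polymod >> 5 * (5 - i)) & 31 for i in range(6)]
    return hrp + "1" + "".join(BECH32_CHARSET[d] for d in data + checksum)


def p2wsh_address(witness_script: bytes, hrp: str = "bc") -> str:
    """P2WSH commits to sha256(witness_script); the script itself is revealed on spend."""
    return segwit_v0_address(hrp, hashlib.sha256(witness_script).digest())


if __name__ == "__main__":
    script = multisig_witness_script(2, TEST_PUBKEYS)
    print("witness script:", script.hex())
    print("2-of-3 P2WSH address:", p2wsh_address(script))
```

The checks an exchange actually cares about are the ones the script makes visible: the first byte is the threshold, the byte before OP_CHECKMULTISIG is the key count, duplicate keys are rejected (a 2-of-3 with the same key twice is really a 1-of-2), and BIP67 ordering means every cosigner's device derives the identical address, so a mismatch between devices is a red flag rather than a cosmetic difference. A hardware wallet whose "multi-signature" cannot be reproduced this way from the cosigners' public keys is not doing on-chain multi-signature.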
Summary
For an exchange, first think carefully about whether to use a third-party custody service. We recommend building the exchange's hot wallet system on each public chain's full node, because this lets you be first to support a new chain in the competition (faster than others), costs less, and does not depend on a third party's security and stability.
In addition, use open-source, secure and reliable hardware cold wallets such as BITHD, Trezor and Ledger as the exchange's cold wallet solution, and use multi-signature cold wallets sensibly so that large holdings are managed by several people, avoiding single points of failure and single-person risk (including moral hazard).