How to Secure Cryptocurrency Exchange – From the Security Perspective
The destruction of the Mt. Gox exchange by its hack is remembered among crypto enthusiasts for its security breaches and thefts. The seismic wave set off by that gigantic hack ended in the exchange's inevitable bankruptcy filing.
The root cause behind the hack was quite intricate; however, such breaches could have been prevented with the right security approach. By the best approach, we mean what banking institutions and governments have put their faith in for decades: secure hardware. We are talking about…
A Hardware Security Module is a physical computing device that protects and manages cryptographic keys and provides a secure execution environment for critical code. These modules come as PCIe cards installed in a host server or as network-attached appliances.
Modules have built-in anti-tampering technology that destroys their secrets when a physical breach is detected. They are built around secure crypto-processor chips and active physical security measures, such as tamper-detection meshes, together with countermeasures against side-channel attacks. HSMs (Hardware Security Modules) have long been used in the banking sector and in every industry vertical where critical secrets must be taken care of.
Security Architecture for Exchanges
The following presents the Ledger-recommended, HSM-based architecture for securing the exchange's hot wallet. Consider the different modules/services in play:
Exchange engine: It issues payment orders as customers request withdrawals.
Exchange business logic: API with a view of all customers' balances, soft/hard withdrawal limits and payment history.
Hardware Security Module: PCI card connected to a server in the cryptocurrency exchange’s data center.
Ledger Blue: A secure device protected by PIN code and kept in a safe.
2FA App: An external second-factor channel on the user’s phone.
The HSM (Hardware Security Module) is built around the following units:
Core: This is the Ledger operating system. It protects the root seed from which all key pairs are derived and exposes an API so that internal business apps can function. Those apps are tested and signed offline and cannot be modified when the system is
Channel: Each signature request must be validated by the internal plugin. It needs two challenge approvals, one from the cryptocurrency exchange business logic and one from the user
Limiter: This sets hard limits on the rate at which the HSM is authorized to sign, for example 1000 BTC/hour and 15000 BTC/day. These numbers matter because they ultimately bound the maximum loss in case of a total system compromise. The only way to modify the limiter's rules is through an authorization signed by the Ledger Blue.
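The three units above, as an added toy model that is neither Ledger's code nor code from this page: the Channel demands two independent challenge approvals over the exact order being signed, the Limiter enforces sliding-window velocity caps, and the Core accepts a new limiter rule set only with a Ledger Blue-signed authorization bound to the next rule version. The demo keys, the function and class names, and the use of HMAC-SHA256 in place of the device's real signature scheme are all assumptions made for the illustration.

```python
import hashlib
import hmac
import json
from collections import deque

# Constructed demo secrets (hypothetical). In the real architecture each one
# lives in a different trust domain: the exchange business-logic API, the
# user's 2FA app, and the Ledger Blue kept in a safe. HMAC-SHA256 stands in
# for the device's real signature scheme; HOT_WALLET_KEY stands in for the
# root seed protected by the Core.
BUSINESS_LOGIC_KEY = b"demo-exchange-business-logic-key"
USER_2FA_KEY = b"demo-user-phone-2fa-key"
LEDGER_BLUE_KEY = b"demo-ledger-blue-admin-key"
HOT_WALLET_KEY = b"demo-hot-wallet-signing-key"


class PolicyError(Exception):
    """Raised when the HSM refuses to sign or to accept a rule change."""


def _mac(key: bytes, payload) -> str:
    """Canonical JSON + HMAC-SHA256; every party must serialise identically."""
    msg = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def approve_business(order: dict) -> str:
    """Challenge approval from the exchange business logic (balances, limits)."""
    return _mac(BUSINESS_LOGIC_KEY, order)


def approve_user(order: dict) -> str:
    """Challenge approval from the user's second-factor app."""
    return _mac(USER_2FA_KEY, order)


def authorize_limiter_update(rules, version: int) -> str:
    """Authorization that would be produced on the Ledger Blue, offline."""
    return _mac(LEDGER_BLUE_KEY, {"rules": rules, "version": version})


class VelocityLimiter:
    """Sliding-window caps, e.g. [(3600, 1000), (86400, 15000)] in BTC."""

    def __init__(self, rules):
        self.rules = [tuple(r) for r in rules]  # (window_seconds, cap_btc)
        self.history = deque()  # (timestamp, amount_btc) of signed orders

    def exceeded_window(self, amount, now):
        """Return the first window whose cap the new amount would break, else None."""
        for window, cap in self.rules:
            spent = sum(a for t, a in self.history if now - t < window)
            if spent + amount > cap:
                return window
        return None

    def record(self, amount, now):
        self.history.append((now, amount))


class ToyHSM:
    def __init__(self, limiter_rules):
        self.limiter = VelocityLimiter(limiter_rules)
        self.rule_version = 0
        self.signed = []  # orders that actually received a signature

    def sign_withdrawal(self, order: dict, biz_approval: str, user_approval: str, now) -> str:
        # Channel: two independent approvals, each bound to the exact order.
        # A compromised engine cannot reuse approvals for a different amount.
        if not hmac.compare_digest(biz_approval, approve_business(order)):
            raise PolicyError("business-logic approval missing or for a different order")
        if not hmac.compare_digest(user_approval, approve_user(order)):
            raise PolicyError("user 2FA approval missing or for a different order")
        # Limiter: velocity caps bound the loss from a total host compromise.
        window = self.limiter.exceeded_window(order["amount_btc"], now)
        if window is not None:
            raise PolicyError(f"limiter: {window}s cap would be exceeded")
        self.limiter.record(order["amount_btc"], now)
        self.signed.append(order)
        return _mac(HOT_WALLET_KEY, order)  # stands in for the transaction signature

    def update_limiter(self, new_rules, authorization: str) -> int:
        # Core: the only path to new limiter rules is a Ledger Blue authorization
        # bound to the next rule version, so an old authorization cannot be replayed.
        expected = authorize_limiter_update(new_rules, self.rule_version + 1)
        if not hmac.compare_digest(authorization, expected):
            raise PolicyError("limiter update not authorized by the Ledger Blue")
        self.rule_version += 1
        self.limiter.rules = [tuple(r) for r in new_rules]
        return self.rule_version


if __name__ == "__main__":
    hsm = ToyHSM([(3600, 1000), (86400, 15000)])
    order = {"order_id": "w-1", "dest": "bc1q-demo", "amount_btc": 600}
    print("signed:", hsm.sign_withdrawal(order, approve_business(order), approve_user(order), now=0))
```

The design point worth noting is the binding: approvals and authorizations are computed over the full order or rule set, so the hosts in front of the HSM can relay them but cannot alter what they cover, and the limiter keeps its own history inside the trust boundary rather than trusting the engine's view.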
Hardware Security Modules are carefully tested, and the known attacks against them have been limited to misunderstandings of their administrative interfaces. One can say that nothing is unhackable, and that would be true; however, the difficulty of achieving it is a few orders of magnitude higher than simply taking control of a conventional IT architecture. Thus, the best security technology is nothing without carefully audited internal
In this post, we have explained how Hardware Security Modules can secure the hot wallet of a cryptocurrency exchange. So, if you are looking to integrate this security module architecture into your crypto exchange, leverage our cryptocurrency exchange development services to strengthen your exchange platform's operations.