Unfortunately you haven't actually detailed any solutions yet other than stating the current system is unsatisfactory. If you want to outline exactly how this can be done, then I'm all ears, but until then, I don't think this conversation is going to go anywhere.
For future reference, the requirement of the paper which you quoted explicitly details that the situation that we've been arguing about is noted as (practically the only) attack vector on the system:
In the event that both the exchange and the user's computer is breached, the user has not previously placed trades while under surveillance and the user has set up SMS authentication, the attacker should not be able to withdraw funds or place trades on the user's behalf.