No matter what decision COSS exchange will take I call other exchanges to add an extra security feature to protect users funds. TRADING PASSWORD. This will prevent anybody to sell users assets on the low liquidity markets for cents even if the password was compromised and exchange grants brute force attacks.
Im not promoting anybody, just facts:
Bitfinex doesnt have it
Binance doesnt have it
Poloniex doesnt have it
Gate.io HAS IT.
I'm glad this worked out for you! I can't believe things like this are still happening. I programmed an exchange back in 2012-2013 (BTC Trading Corp) which had both failed login brute force protection and per-trade 2FA, which was awesome with Yubikey support. (not great for Google Auth - very time consuming - but at least SAFE)
I'll point our devs for our upcoming new exchange at this post - good for them to see why these things are important!
Cheers