I've been working with a team of engineers for the last 6 months on a new exchange. We have acquired banking support for 10 different fiat currencies.
Wanted to see what the community is looking for in a new exchange, currently we have the following:
- Mandatory 2FA
- Verifiable user funds
- User KYC documents encrypted and stored in Canada, backed-up offline
- On EC2 so that we can sustain DDoS attacks.
- Incorporated outside of the US, so that user privacy is protected.
I wouldn't have mandatory 2FA. It's not like that's a bulletproof answer. I've seen posts from people claiming to have lost coins with 2FA enabled. Security is always a balance between convenience and robustness. You could say mandatory colonoscopy too, but that may not fit well with some users.
What I would do is have 2FA in the flow by default, but give the option to opt-out, while making it very clear it's considered a big loss of a security protection layer. However, some users know what they're doing, or have other reasons they might opt out of 2FA.
The only thing which should be mandatory is a strong password.
There are a few other security measures which can be very effective, yet remain convenient too.
The first is simply requiring email link confirmation for every withdrawal request. BTC-e has been doing this for a while. It doesn't seem all that inconvenient, yet a hacker would need access to two different accounts.
The second is giving the user the option to set a permanent wallet withdrawal address, an address where no matter what it's the only one the site sends funds to. The only way to change that address requires a colonoscopy phone call, or perhaps photo ID submission, etc. That way a hacker can only send funds to an address the user controls, unless they can prove they are authorized to change the withdrawal address.
The last simple yet highly effective security measure is delayed action. Again, give users the option to set a minimum 24/48/whatever hour delay before some action completes. This can be a withdrawal, or changing the permanent withdrawal address etc. This way a hacker in control of much of a user's info must hope the user does not become aware something is wrong before the changes go through, which is unlikely.
Last, in terms of website security, simply be sure the majority of funds are kept in cold storage and refill hot wallets as needed. It's better to possibly delay some customer withdrawals and deal with customer service than be forced to announce a severe loss of funds which can't be recovered.
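The three controls described in the reply above (an e-mail confirmation link for every withdrawal, a locked permanent withdrawal address that can only be changed after out-of-band identity verification, and a user-chosen delay before the action completes) combined into one withdrawal-policy sketch. This is an added example, not code from the thread or from any exchange; the class and method names, the HMAC-based confirmation token, the fake clock, and the constructed secret, e-mail and addresses are all assumptions.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Optional

# Constructed demo secret; a real deployment would load this from a secrets manager.
SERVER_SECRET = b"constructed-demo-secret"


@dataclass
class Account:
    user_id: str
    email: str
    permanent_address: Optional[str] = None          # locked withdrawal destination
    withdraw_delay_s: int = 24 * 3600                # user-chosen delay before execution
    pending_address_change: Optional[tuple] = None   # (new_address, earliest_effective_ts)


@dataclass
class Withdrawal:
    req_id: str
    user_id: str
    address: str
    amount: int                          # satoshis
    created_ts: float
    confirmed_ts: Optional[float] = None
    executed: bool = False


class WithdrawalService:
    """Withdrawals need: whitelisted address + e-mail link + elapsed delay."""

    def __init__(self, clock=time.time):
        self.clock = clock               # injectable so the delay can be tested
        self.accounts = {}
        self.requests = {}
        self.sent_emails = []            # stand-in for an outbound mail queue

    def _token(self, req_id, email):
        # Token is bound to the request id and the account e-mail, so a token
        # lifted from one mailbox cannot confirm a different request.
        msg = f"{req_id}:{email}".encode()
        return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()

    def request_withdrawal(self, user_id, address, amount):
        acct = self.accounts[user_id]
        # Control 2: only the permanent address is ever paid out, if one is set.
        if acct.permanent_address and address != acct.permanent_address:
            raise PermissionError("destination is not the permanent withdrawal address")
        req = Withdrawal(secrets.token_hex(8), user_id, address, amount, self.clock())
        self.requests[req.req_id] = req
        # Control 1: nothing moves until the link in this e-mail is clicked.
        self.sent_emails.append((acct.email, req.req_id, self._token(req.req_id, acct.email)))
        return req.req_id

    def confirm_by_email_link(self, req_id, token):
        req = self.requests[req_id]
        acct = self.accounts[req.user_id]
        if not hmac.compare_digest(token, self._token(req_id, acct.email)):
            raise PermissionError("bad confirmation token")
        if req.confirmed_ts is None:
            req.confirmed_ts = self.clock()   # Control 3: the delay starts here
        return req.confirmed_ts

    def execute_due(self):
        """Pay out confirmed requests whose delay has elapsed; returns executed ids."""
        now = self.clock()
        done = []
        for req in self.requests.values():
            if req.executed or req.confirmed_ts is None:
                continue
            if now - req.confirmed_ts >= self.accounts[req.user_id].withdraw_delay_s:
                req.executed = True       # hand-off to the hot wallet would go here
                done.append(req.req_id)
        return done

    def cancel(self, req_id):
        # The user noticed something wrong during the delay window.
        req = self.requests.pop(req_id, None)
        return req is not None and not req.executed

    def request_address_change(self, user_id, new_address, identity_verified):
        # Out-of-band proof (phone call, photo ID) gates the change, and the
        # change itself is subject to the same delay as a withdrawal.
        if not identity_verified:
            raise PermissionError("identity verification required")
        acct = self.accounts[user_id]
        acct.pending_address_change = (new_address, self.clock() + acct.withdraw_delay_s)
        self.sent_emails.append((acct.email, "address-change", new_address))

    def apply_address_changes(self):
        now = self.clock()
        for acct in self.accounts.values():
            if acct.pending_address_change and now >= acct.pending_address_change[1]:
                acct.permanent_address = acct.pending_address_change[0]
                acct.pending_address_change = None
```

The point of layering these is that an attacker holding the account password alone can neither pick a destination nor complete a withdrawal: the payout address is fixed, confirmation needs the mailbox, and even a confirmed request sits in a window where the real user can call `cancel`.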