The global explosion and breakthrough in cryptocurrency, ICO, and the whole fin-tech industry began with Bitcoin. Its growth is accompanied by ups and downs. Traders skillfully use Bitcoin, making money on it. But can someone else make money on cryptocurrency? Today we will look at the other side: how to build a cryptocurrency exchange from scratch.
Since its inception, it has risen above 10,000%. This is quite amazing. Those who did not believe have already changed their minds. Many people have invested in Bitcoin and made huge money. Lamborghini, yachts, and rich life. For many of them, Bitcoin and the cryptocurrency world have become the main way to a better life. But the situation has changed significantly since that time.
Some think that Bitcoin has become a speculative currency and have begun to pay more attention to altcoins (Ethereum, XRP, Bitcoin Cash, etc.). But through cryptocurrency trading you can become rich only if you receive signals from experienced players, are involved in the game with whales, or have insider information.
Another way is to create a cryptocurrency/bitcoin business that will consistently generate revenue from the transactions of other users. Stop thinking about technical analysis, and pay attention instead to how to make money with the help of a cryptocurrency exchange.
Big things start with a small step. Let's see what the difficulties, advantages, and features of a cryptocurrency business are. It does not matter whether it is in India, Australia, Europe or the USA. So, the first step.
How to Start a Bitcoin Exchange Business?
The cryptocurrency business now consists 80-90% of cryptocurrency trading exchanges. Not surprisingly, the rapid growth in 2017 and the volatility in 2018 allowed many investors to earn big money. Moreover, some regions (not even countries) have more demand than the market can offer.
The situation has changed over the last six months. Australia opened its borders to all cryptocurrencies and allowed bills, including utilities, to be paid in Bitcoin. Now it is a legal means of payment. In many shops and cafes of Brisbane, you will see signs confirming payment by Bitcoins.
The situation around the largest cryptocurrency exchange, Binance, made everyone understand that Malta is one of the best places for doing business in the cryptocurrency industry. Let's look at what types of exchanges exist.
Types of cryptocurrency exchanges
No matter how simple or difficult it may seem, there are several different types of exchanges. Each of them is distinguished by its functionality, target audience, investment, ROI and launch period. Let's check them all.
Administrator-user type of cryptocurrency exchange.
Ideal for those users who do not have much experience in buying/selling cryptocurrency. The platform has a simplified interface and easy navigation. There are no limit or stop-limit orders. All exchanges are made instantly between the user and the administrator.
In such a system, earnings mostly come from the exchange rate. Some users buy, others sell. The administrator earns on the spread. For example, the current exchange rate of Bitcoin is $10,000. You, as the owner, sell it for $10,500 to one user and buy it for $9,500 from another. Thus, you have a difference of $1,000 per unit. As a rule, the spread varies in the amount of 3-5% of the current market rate.
Cryptocurrency P2P exchange.
This is a modified version of the previous model. In this case, the platform does not sell and does not buy anything from users. A P2P cryptocurrency exchange is only a market, where the trading takes place. It connects buyers and sellers with each other. The exchange charges a fee for the transaction. Binance and Poloniex work this way.
Decentralized cryptocurrency exchange.
It is very similar to the previous type, except that it works directly with the blockchain. Decentralized exchanges can be of several types: on-chain, off-chain, and cross-chain. That is, they work on the blockchain, outside the blockchain, or across several blockchains. We covered this type of platform in detail in an article about decentralized cryptocurrency exchanges and how to build them.
In short, this is an exchange that is fully or partially decentralized. It has some functionality implemented on the blockchain. As a rule, such exchanges make the wallet module and registration module decentralized. Users have the ability to recover data and connect through any other nodes. Such exchanges are more secure because user funds are not stored in the system. Among the shortcomings, it is worth mentioning that the functionality is very limited. Not all features can be implemented and developed on the blockchain.
Cryptocurrency exchange with margin trading and leverage.
This is a completely new trend that has instantly gained popularity among some users. A cryptocurrency exchange with margin trading is a platform where you create contracts in monetary terms. So you can significantly increase profit while increasing risk. By the way, there are very few competitors here. And the target audience isn't huge. However, the situation changes radically if you check some sources.
First, let's find the largest player. This is Bitmex; the second most popular is Poloniex. Although the second should not be considered too much in this light, since Poloniex is more of a P2P exchange. Let's take a look at Bitmex.
According to Alexa rank, an international rating portal, Bitmex holds position 6089 (the lower the position, the better). For example, your local mail provider in 95% of cases has a much better position. Moreover, this exchange is translated into only 5 languages: English, Chinese, Russian, Korean and Japanese. Not a wide range of localizations compared to Binance.
According to Coinmarketcap, Binance is in 1st position (and 852 by Alexa rank) and has a turnover of $998 million per day, which is a lot, to say the least. But Bitmex has a daily turnover of $1.8 billion. It does not appear in the general list because it trades contracts instead of cryptocurrencies. Derivatives, futures and other swap instruments are present here. Bitmex is more like gambling than a trading platform: the risk is very high, and so is the profit.
Which of these platforms you should choose is an interesting question. First of all, you should clearly understand the management rules of each platform. In any case, you can combine several types of platforms in one; everything is possible.
Exchange incorporation and how to choose a jurisdiction
Cryptocurrency exchange incorporation is not mandatory but is an advantage over other companies. Some types of platforms, however, still require a license, bank account, etc. If you create a platform using cryptocurrency only, without fiat money, you do not need to register a company and open an account in an international bank. Fiat money is state-supported currency, the national currency of a country: Japanese Yen, Euro, US dollar, and so on.
If you plan to have them on the platform, then the government, the state and in particular the securities commission will sooner or later pay attention to your exchange. We recommend adding KYC (know-your-customer) and AML (anti-money laundering) modules to the platform. Your government may require a license. In that case, you will have additional expenses for permits.
You don't need to incorporate a company if you use only cryptocurrency. All transactions occur using the blockchain. But in this case, your profit will also accumulate in cryptocurrency.
If you do decide to incorporate a company for a crypto exchange, pay attention to the following countries:
5. Offshore (Seychelles).
Each of these countries is open to cryptocurrencies and projects built on their basis. Let's take a quick look at the features of each country.
Estonia is one of the first countries in the world to say that it is open to the blockchain, cryptocurrency, and any projects based on them. It was also the first country to introduce the blockchain into the healthcare industry. It issues licenses for trading and opens bank accounts.
Among the benefits is e-residency. This is an e-citizenship that any resident of the world can get to start a business in Estonia. Then you can license a company and open a bank account. By the way, taxes are quite low here - about 9-12% of income. It is worth noting that information about the beneficiaries is publicly available. Anyone can see electronically who the owner of the company is.
This country is one of the financial centers of the world. Switzerland is also open to advanced technology. The government looks favorably on investment in cryptocurrency and blockchain technology. The cost of incorporating a company is much higher than in Estonia.
At the end of 2017 and at the beginning of 2018, Australia legalized cryptocurrencies and any cryptocurrency business. Now it is as simple as opening any other business in Australia. In the middle of summer, the country allowed all citizens to pay bills using Bitcoin. And in Australian airports, you will see the “Bitcoin accept” sign more often than in any other city in the world, probably even more often than they accept cash.
Let's be honest. Any offshore jurisdiction is attractive to the founder and businessman. Low taxes, official legal registration, and in addition, some jurisdictions hide beneficiaries. Just paradise, like the Seychelles.
Well, we figured out the registration of the company and the choice of jurisdiction. What should be the next step? What to look for? At first, I wanted to tell you more about the contents of the cryptocurrency exchange and its components, but I decided to write first about the management and the team that is needed to build the trading exchange platform.
Companies with millions and billions have more than 10,000 employees. These are the real transnational giants that control the market. But the situation has greatly changed with globalization and the development of Internet business. Now it is not uncommon for a company with a million turnover to have tens or hundreds of employees. Some of them delegate authority and outsource the work, saving money, time and resources and improving efficiency.
The development of the cryptocurrency industry has opened up new markets. The NASDAQ worked for 40 years and reached a turnover of $500M per day while having more than 10,000 employees. Binance makes double the turnover with a team of just 200 people. And this is quite enough. How many developers, marketers and analysts do you need to run your own platform? At the start, you need a few people.
1. Managing Director. He oversees all work and ensures that each employee performs his duties.
2. Marketing manager. A new platform requires aggressive promotion. Marketing and PR are the main point that distinguishes a successful project from a failure.
3. Director of partnerships. His main task is to find partners and contractors.
4. Support Manager. One person can do all the work, but only at the beginning. As the platform develops, you will need a team of 10-20 people. They will check all incoming tickets and answer questions. It is very important that the team works quickly and efficiently.
5. The technical part. All technical work can be outsourced, especially if you want to build a competitor to Binance or Coinbase. It is usually cheaper and faster.
As you can see, only 3 people are needed to start, and the same person can perform several duties. If you plan to open a stock exchange yourself or with a partner but are not sure how to start successfully, contact our managers and they will tell you about successful cases.
Cryptocurrency exchange architecture
In this section we will analyze what a cryptocurrency exchange consists of and the features of building and launching the platform. A cryptocurrency exchange is a kind of platform that connects buyers and sellers. The architecture of a cryptocurrency exchange can be of several types.
Monolith.
This is a cryptocurrency exchange with an all-in-one architecture. The wallets, payments, accounts and administration modules are on the same server. Deploying such a platform takes the least time. But it has problems with high loads. Technically, all the implemented functionality can be on one server, but this server will not be able to serve thousands, not to mention millions, of users.
Modular.
It assumes that the exchange consists of independent, easily manageable modules. For example, the wallets module, the users module, the trading engine, and so on. Each module is located on a separate dedicated server, which allows it to withstand high loads, especially if you use the right hosting provider. It should be noted that support and modification of such an architecture is the most convenient.
Distributed.
This is an enhanced version of the previous architecture. In a distributed architecture, each module is not only independent but also consists of separate submodules. For example, a database can be on multiple servers: trade transactions on the first one and everything else on the second. The performance of such a system is the highest, but the maintenance is more expensive and more difficult.
Each of the aforementioned architectures is well suited for the respective type of platform. Monolith is the most effective for small platforms, modular architecture for medium cryptocurrency exchanges, and distributed for large exchanges.
It must be said that scaling a cryptocurrency exchange is not a common occurrence, although you can use horizontal or vertical scaling. Increased productivity is achieved by increasing server capacity, optimizing scripts, changing the architecture, or rewriting individual modules in another programming language.
Key features and capabilities
It is important to understand when building a stock exchange that the system should be simple and understandable to the user, and liquid and profitable for the owners. The amount of money earned depends on the promotion and popularity of the platform. The key points are easy to list.
1. Easy to customize, add new features in the future.
2. High security.
3. Easy to manage.
4. Good performance.
We figured out what features the exchange should have. Let's look at the main components of the platform.
Modules and components
Almost every cryptocurrency exchange platform has the following components:
1. Graphical user interface.
2. Wallets module.
4. Trading engine.
5. Private administrative system.
Each module can be a monolith, as mentioned above, or be distributed or decentralized. There are advantages and disadvantages to each type; it is important to know and remember your goals. Modules typically consist of layers that communicate with each other internally. Currently, the most effective approach is API communication with data transfer in JSON format. This is an accepted standard that can easily be produced and consumed in almost any modern programming language.
The most important is the backend. This is the core of the system. All trading operations and calculations pass through central scripts. It is very important at the first stage to pay enough attention to the design of the project architecture.
The frontend plays the role of the shell in which the application is wrapped. A web application, a mobile application for Android or iOS, and even a native application on macOS or Windows run on the same backend core. Errors in the architecture can significantly affect the speed and lower the level of security. We recommend choosing teams that have experience in designing similar systems.
Graphical user interface
UI/UX design must be professional and inspire trust among users. You should always remember the mobile version. The share of mobile sales is growing. An increasing number of users use a smartphone to make money transfers. At the first stage, there is no need to make a separate mobile version of the website. It is enough to make the website mobile-friendly and invest the saved money in iOS and Android application development.
In fact, the wallets module consists of 2 parts - cryptocurrency wallets and fiat wallets. The wallets module allows you to connect to the blockchain and integrate the following functions: deposit, withdrawal of coins and the ability to trade in any currencies. The number of trading pairs and their management are also included in this module. Integration of fiat money is optional. Many platforms don't have this feature, for example, bitmex.com.
As for fiat currency, there are two ways to integrate this feature. You can use direct bank transfers in manual mode or Visa/Mastercard in automatic mode. Bank transfer is the easiest way to implement. You receive money in manual mode. Users receive an account within the system and send money directly to your bank account. You see the amount and confirm the user's deposit. The advantage of this method is ease of integration. Developers can complete this task within 1 week. The disadvantage is that you always need to check the bank account to confirm the user's deposit.
Of course, you can use automatic transactions via Visa/Mastercard. But there are some difficulties. Automatic transactions are performed on the side of payment gateways, and many of them don't support working with cryptocurrency systems. You can connect PayPal or Stripe, but after a couple of hours your account will be blocked or will not pass verification. There are several systems that allow you to connect Visa and Mastercard for transactions.
For example, simplex.com etc. But as a rule, they have very strict rules. If you decide to use Visa or Mastercard, we recommend finding the right payment gateway and discussing integration details.
Let's consider how to choose the right liquidity provider for a cryptocurrency exchange and what you should pay attention to. Liquidity is the foundation stone of the P2P exchange. The order book shows how popular your stock exchange is and how quickly users' orders will be completed. If there is no liquidity or it is very small, then many users will not trust your platform. There are two solutions to increase liquidity.
The first is to choose a liquidity provider. The provider can provide liquidity only for certain currency pairs, for example, BTC/ETH, BTC/USD. For less popular pairs like HKD/XRP, TRY/ETH, you can hardly find a provider, or its fee will be high. Each provider has its own fee. Sometimes different currency pairs have a different fee. When designing your own cryptocurrency exchange, you need to take their fee into account so that your business does not become unprofitable.
The second is market makers. In a cryptocurrency exchange, market makers are trading bots built using artificial intelligence. They make deals using a special algorithm for each trading pair. Market makers have the following advantages:
- Flexibility in settings.
- Integration with any trade pairs.
- High performance.
Merehead company has developed its own market makers that are successfully used in our clients' projects.
What type of liquidity is best to use? This is a difficult question. Each has its own advantages. Liquidity providers are easy to use and easy to integrate into the platform. But as a rule, the fee of your platform will be significantly higher than your competitors', since you have to offset the costs of the provider and add your internal fee. If you plan to conquer the international market, increasing the commission is wrong. It should be minimal and attract users. Moreover, when working with any liquidity provider, you need to have internal money reserves. Without them, this method will not work.
On the other hand, we have market makers. Their potential is unlimited. A market maker can be used for any currency pair. It can be used as bot-bot or bot-user. In the first case, a liquidity emulation will be created. There is no need to have any funds for the operation of the platform. In the other case, the bot will interact with users. Here you will need a stock of funds for conducting transactions in automatic mode. If you have any questions, you can contact our expert, who will explain in detail how it works and what is better to use in your case.
The trading engine is the core of the system that finds and connects buyers and sellers on the exchange. The speed and performance of the exchange largely depend on the quality of the trading engine. How to make it and what to look for? First of all, the number of order types. Most P2P cryptocurrency platforms use Limit and Market orders. They are more popular with users.
Of course, some systems allow you to place Stop-Limit and Stop-Loss orders. As a rule, they are used only by experienced traders. Remember your target audience. If at the research stage none of your 30-100 people have heard of such orders, we recommend not adding such a function. Otherwise, instead of a cool UX, you will get problems. The engine should be what users expect it to be.
Private administration system
In essence, this is your cryptocurrency exchange control center. As an owner or administrator, you will spend most of your time here. The first thing is to make sure that the functionality is complete and allows you to manage the system easily. Let's look at what key tools a private administration system should have.
The administrator must be able to verify the identity and KYC documents. You should know the detailed information about the user: the balance in each currency, open and closed orders, transaction history, etc.
Transactions in a cryptocurrency exchange can be of two types - internal and external. External transactions are the withdrawal and deposit of user money. In this section, you can quickly see who is requesting a withdrawal and who has made a deposit. Here you can quickly confirm or reject a withdrawal transaction if manual mode is used. Internal transactions are the history of user orders.
Wallets and trades.
A section where you can manage already pre-installed coins. Here you can enable/disable certain cryptocurrencies and set a fee or limit on withdrawal. Maybe in the future you will want to add a new coin. It is impossible to integrate a new cryptocurrency in automatic mode, since each cryptocurrency works on its own blockchain.
As a rule, integration takes from one day to several weeks. It all depends on the documentation and the quality of the technical basis of the cryptocurrency itself. However, you can send a request for adding new coins and developers will start integration as soon as possible.
If you launch the exchange yourself, you may not need this functionality at the first stage. In the future, though, it is one of the most useful functions, allowing you to delegate rights to control the platform. Here you can add new administrators and configure permissions. One administrator will be able to check KYC, another will confirm user withdrawals. Others can chat with users and respond to tickets. Thanks to this module, you can precisely configure the platform for other employees.
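The delegation described above (one administrator checks KYC, another confirms withdrawals, others answer tickets) can be enforced in code so that no single admin account accumulates conflicting rights. The following is an added example, not code from Merehead or any exchange; the role names, permission strings, conflict pairs and the `AdminPanel` class are hypothetical.

```python
from dataclasses import dataclass

# Hypothetical role model built from the duties named in the text.
ROLES = {
    "kyc_reviewer": {"kyc.review"},
    "withdrawal_approver": {"withdrawal.approve"},
    "support": {"ticket.reply"},
    "super_admin": {"admin.manage"},
}

# Assumption: permission pairs that one person must never hold together.
CONFLICTS = [
    ("kyc.review", "withdrawal.approve"),
    ("admin.manage", "withdrawal.approve"),
]


@dataclass(frozen=True)
class Admin:
    name: str
    roles: frozenset


def permissions(admin):
    """Union of the permissions of every role the admin holds."""
    perms = set()
    for role in admin.roles:
        perms |= ROLES.get(role, set())
    return perms


def conflicts(admin):
    """Conflicting permission pairs held by one admin (empty list is healthy)."""
    perms = permissions(admin)
    return [pair for pair in CONFLICTS if perms.issuperset(pair)]


class AdminPanel:
    """Deny-by-default authorization with an audit trail of every decision."""

    def __init__(self, admins):
        self.admins = {a.name: a for a in admins}
        self.audit = []  # (actor, action, outcome) tuples

    def _decide(self, actor, action, outcome):
        self.audit.append((actor, action, outcome))
        return outcome == "allow"

    def _has(self, actor, perm):
        admin = self.admins.get(actor)
        return admin is not None and perm in permissions(admin)

    def approve_withdrawal(self, actor, withdrawal_id):
        action = f"approve {withdrawal_id}"
        if not self._has(actor, "withdrawal.approve"):
            return self._decide(actor, action, "deny:missing_permission")
        return self._decide(actor, action, "allow")

    def grant_role(self, actor, target, role):
        action = f"grant {role} to {target}"
        if not self._has(actor, "admin.manage"):
            return self._decide(actor, action, "deny:missing_permission")
        if actor == target:
            return self._decide(actor, action, "deny:self_grant")
        if role not in ROLES or target not in self.admins:
            return self._decide(actor, action, "deny:unknown_role_or_admin")
        candidate = Admin(target, self.admins[target].roles | {role})
        if conflicts(candidate):
            # The grant would let one person both vet users and release funds.
            return self._decide(actor, action, "deny:conflict")
        self.admins[target] = candidate
        return self._decide(actor, action, "allow")
```

Running `conflicts()` over every existing admin account at startup also catches combinations that were created before the rule existed.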
This module allows you to manage your earnings and check the balance of your accounts. Earned money will be accumulated in each currency. Inside the system, you can use a flexible system of fees for deposit, withdrawal and transactions. Some currencies put a small commission on replenishment. The most popular of these is USDT Tether. When your system becomes popular, you can add new coins for a fee.
Note that cryptocurrency platforms are also used to promote your own tokens. As a rule, it is difficult to promote a new coin on other platforms. In this case, you will give users a unique opportunity to buy/sell coins for other cryptocurrencies.
The main tools are listed above, but the list does not end there. There are security requirements for administrators, like connecting 2FA via SMS, personal user settings, and the ability to connect a cold wallet. Exporting data to your local computer will ensure that you have your own offline copy of the data for analysis.
One of the most frequently mentioned abbreviations in the crypto community. If you still do not fully understand what it is and why it is needed, I will briefly explain.
KYC is the procedure for identifying your customer. It is best known from financial platforms, and it works in collaboration with the state and other financial tools. You must have come across it on other systems, only it was called differently.
Its essence is extremely simple - to identify you as a user: to know your real name, date of birth, and the series and number of identity documents. Often it is an international passport, ID card or driver's license. Some cryptocurrency exchanges require a multi-level user verification system.
The second level usually requires a utility bill. It allows the platform to identify your place of residence. A document older than 6 months is already considered invalid, since the user could have changed their place of residence. If you rent an apartment but are not listed on those documents, unfortunately, you will not pass this level.
The third level consists of a written confirmation that you work with the website. In this case, the platform provides a contract template in which you agree to comply with the terms of service.
But why do we need user identification, a contract and a place of residence? As a rule, in 90% of cases this is necessary for financial services. Each cryptocurrency exchange has the ability to deposit and withdraw money. Deposit is very easy to integrate and execute. When withdrawing funds, questions arise about the counterparty. Payment systems must understand whom they are sending money to, and that this person is not a terrorist and does not participate in fraudulent actions.
In addition, user identification allows you to determine the user's location more accurately. Thus you can restrict access to the platform in manual mode, for example, for residents of China, North Korea or the Crimea. This may be necessary if you cooperate with international payment systems that cannot serve the residents of certain countries or regions. If you break the agreement, you may be banned and disconnected from the financial system.
As a rule, restrictions are found on ICO platforms, much less often on exchanges. For exchanges, the requirements are not so stringent. However, this procedure is necessary for ICOs so as not to violate the SEC rules.
How does KYC work?
KYC on a cryptocurrency exchange has 2 stages. First, a user with a personal account fills out a form and uploads documents to verify themselves. After that, these documents must pass the identity check.
- Internal admin panel of the cryptocurrency platform, where an admin can confirm or reject verification. This feature is integrated by platform developers.
- Using third-party services that verify the identity against their database. Such services are paid, and the cost depends on the size of the database. There are local services that check users in one country, for example, Australia. But there are global ones with a base of 2-3 billion users. One of the most well-known user verification services is Jumio. They work with Coinbase - the largest stock exchange in the United States, which has recently been focused on experienced traders. In essence, almost every KYC provider has the same features.
Integration with the service is performed through the API, and all data is sent in automatic mode. The cryptocurrency platform receives only the verification status in reply. There is nothing difficult. But as mentioned earlier, the cost depends on the user base, and the fee is charged for checking each user.
For example, the Jumio system charges $2-$3 per user (depending on the documents that need to be checked). If you need to check 100-200 users every day, this service can quickly empty your pocket. Add repeated requests if verification fails the first time (for example, a document of poor quality). We at Merehead deliver cryptocurrency exchanges and have contacted about 60 providers. Some of the cheapest charge about $0.6 per user.
But that is not all. There is a hidden risk. Big systems earn huge money and have their own rules of the game. Some services work with a deposit. Money is spent on user verification. It looks something like this:
The provider requires $50,000 in deposit. Each user costs you $2. So, you can check 25,000 users. It seems everything is OK, but the money on deposit is valid only for some time.
Usually it is 3 months. If you haven't spent the money during this period, it is burned and you must pay again. Such expenses at the first stage of development will seriously affect the cryptocurrency exchange. Therefore, we recommend checking the users yourself at first, and only then going to a provider.
As for the advantages of working with a provider: the larger it is, the bigger its user base. This means that verification will occur almost instantly if the user already exists. Let's move on to the next question in building our own cryptocurrency software.
Cryptocurrency exchange security
Any platform that deals with real or crypto money should be protected by modern methods. Let's look at the most popular methods of hacking a cryptocurrency exchange.
1. Hacking admin panel. The attacker gets full access to the management platform.
2. Hacking user. The attacker can withdraw the user's funds to own wallet.
3. Social engineering.
4. Permit-based fraudulent process.
5. Hacking server.
6. Malicious processes.
7. Vulnerabilities through external systems or tools.
Hacking admin panel.
Hacking of the administrative system happens often. This can be avoided or reduced by following the basic rules. Use 2FA to log in, via SMS or Google Authenticator. Two-factor or three-factor protection is an additional step in your security system. Passwords can be cracked by brute-force attacks, but this becomes useless against a TOTP code.
We recommend excluding access to the funds through the admin system. You may ask how to withdraw your own money, then. The answer is simple - hybrid wallet storage built on cold storage. We do not recommend using an offline server or an internal network (intranet) that will hold all the money. This is not an effective way.
At the moment, a more convenient and flexible solution is the use of Ledger or Trezor hardware wallets. They are both modern, protected externally and internally, and support multiple currencies (more than 500). The device is about the size of a USB drive and is easy to carry. In addition, wallets are generated from a seed phrase, which means that if the wallet is lost, you can easily recover it.
Hacking user.
The user is the very first target of any intruder. Hackers spend a long time choosing a victim, because it is extremely difficult to hack everyone. In addition, on average, the user has a small budget of up to $1,000. The goal of the hacker is to find the richest users, who have a balance of more than $10,000. They analyze the available information in detail. If you often write on social networks and in the crypto community about investments, or even post screenshots of your portfolio, you are great prey for hackers. First of all this applies to Reddit, because its crypto community is one of the largest.
Always ensure that anti-phishing protection and 2FA are enabled. Moreover, double-check that your email also uses 2FA. Typically, hackers start hacking from email.
The most dangerous is social engineering. Unfortunately, there is no cure for this type of hacking, and it completely depends on the discipline and attentiveness of the user. Never send your passwords to anyone (even by email). It is dangerous even to send your email address, because data on the Internet is almost impossible to delete. In this case, it is better to be anonymous and not to spread information about yourself and your money. Money loves silence.
We recommend having functions for tracking device authorization, location, session length and IP address. With such data, the administrator or the system can predict suspicious user activity and, in that case, request additional authorization data from the user.
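A sketch of the check described above, as an added example rather than code from the original article: the current session is compared with the user's earlier ones on device, network, location and session length, and any difference triggers a request for additional authorization data. The `Session` fields, the thresholds and the sample history are assumptions.

```python
from __future__ import annotations
import ipaddress
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import median

@dataclass(frozen=True)
class Session:
    device_id: str     # identifier issued when the device was authorized
    ip: str
    country: str       # assumed to come from a GeoIP lookup done elsewhere
    started: datetime
    minutes: int       # session length so far

def network(ip: str) -> str:
    """Collapse an address to /24 (IPv4) or /48 (IPv6) so ordinary DHCP churn is not 'new'."""
    prefix = 24 if ipaddress.ip_address(ip).version == 4 else 48
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

def risk_signals(current: Session, history: list[Session]) -> list[str]:
    """Name every way the current session differs from the user's earlier ones."""
    if not history:
        return ["no_history"]
    signals = []
    if current.device_id not in {s.device_id for s in history}:
        signals.append("new_device")
    if network(current.ip) not in {network(s.ip) for s in history}:
        signals.append("new_network")
    if current.country not in {s.country for s in history}:
        signals.append("new_country")
    last = max(history, key=lambda s: s.started)
    gap = abs(current.started - last.started)
    if last.country != current.country and gap < timedelta(hours=2):  # assumed window
        signals.append("country_switch_under_2h")
    typical = median(s.minutes for s in history)
    if current.minutes > 4 * max(typical, 15):  # assumed threshold
        signals.append("unusually_long_session")
    return signals

def action(current: Session, history: list[Session]) -> str:
    """Any signal means: ask the user for additional authorization data."""
    return "step_up" if risk_signals(current, history) else "allow"

# Constructed sample history for one user (documentation addresses).
HISTORY = [
    Session("d1", "203.0.113.7", "DE", datetime(2024, 1, 10, 9, 0), 20),
    Session("d1", "203.0.113.90", "DE", datetime(2024, 1, 11, 9, 0), 30),
]
```

Returning the named signals rather than a bare score lets the administrator see why a session was challenged.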
We are social beings, and we feel the need for communication, care and other human feelings. Many people perceive another person as a priori good until he proves the opposite. This is one of the most serious problems in social engineering, the so-called "human hacking". It is often practiced by fraudsters in the financial industry who ask for personal card data. Usually the fraudsters pose as employees of a bank or other financial institution where they are sure the user is registered. Be careful when sending any personal data. We don't recommend doing it.
Permission-based fraudulent process. The system of permissions for the admin part is structured so as to create roles and divide tasks among employees. For example, the admin system could have a moderator, administrator, super-administrator, financier, etc. In addition, you can create any other user (admin) with permissions of your choosing.
Thus, there is a likelihood of abuse of trust. Allocated permissions could allow an admin to give an attacker data for hacking the platform. As a rule, a cryptocurrency platform accumulates a lot of users' money. Be careful when selecting employees and delegating permissions.
This is a serious problem, and to avoid it, it is better not to save on the provider. We do not recommend using your own servers or the services of small providers. Security is paramount. You can pay attention to such providers as Amazon Web Services or Microsoft Azure. Today, the AWS ecosystem is considered one of the best and provides many opportunities: protection from DDoS attacks, mail service, migration, media services, firewall.
Malicious programs can damage your cryptocurrency platform, but how do you protect yourself in this case? First of all, let's think about how malicious processes or programs can get onto your server.
The most common way is to upload a malicious program using the platform's external tools. If the system allows you to upload photos for KYC, then they are definitely stored somewhere. A leaky architecture gives intruders many opportunities. Therefore, an open-source cryptocurrency exchange is extremely dangerous. According to an analysis from 2015, 88% of exchanges built on open-source code have holes and vulnerabilities. Adding validation allows you to avoid the uploading of malicious files, binary code or exe programs.
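One way to implement the upload validation mentioned above for KYC photos, as an added example that is not code from the original article: the file is accepted only if its extension is on an allow-list and its bytes begin and end like that image type, and it is stored under a server-chosen name. The size limit, the allowed types, the function name and the sample files are assumptions.

```python
from __future__ import annotations
import os
import secrets

MAX_BYTES = 8 * 1024 * 1024  # assumed upload limit
# Allowed KYC image types: extension -> (leading signature, end marker)
SIGNATURES = {
    ".jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    ".jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
    ".png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}

def validate_kyc_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (True, server-chosen storage name) or (False, rejection reason)."""
    if not data or len(data) > MAX_BYTES:
        return False, "empty or oversized file"
    ext = os.path.splitext(filename)[1].lower()
    if ext not in SIGNATURES:
        return False, "extension not allowed"
    head, tail = SIGNATURES[ext]
    # Trust the bytes, not the file name or the client-supplied Content-Type.
    if not data.startswith(head):
        return False, "content does not match extension"
    # Refuse bytes appended after the image's end marker (simple polyglot files).
    if not data.endswith(tail):
        return False, "data after image end marker"
    # Never reuse the client's name: no path tricks, no double extensions.
    return True, secrets.token_hex(16) + ext

# Constructed samples: header/trailer stubs, not decodable images.
PNG_STUB = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16 + b"IEND\xaeB`\x82"
SAMPLES = {
    "passport.png": PNG_STUB,
    "passport.jpg": b"MZ\x90\x00" + b"\x00" * 32,  # executable header, renamed
    "passport.jpg.exe": b"\xff\xd8\xff\xe0" + b"\xff\xd9",
    "selfie.png": PNG_STUB + b"appended bytes",
}
```

Signature checks are a first filter only; decoding and re-encoding the image and keeping uploads outside the web root close the cases that byte matching cannot.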
In addition, it must be said that some malicious programs are uploaded by freelancers. We had a case when a client came to us with a system performance problem. After a detailed analysis of the processes on the server, we noticed a small mining script. It was mining coins. The script had been running for about 2 months and only stole server performance. The client did not suffer significant damage, but be careful and trust development only to reliable teams.
Vulnerabilities through external systems or tools. This is the least obvious point, but it is fraught with no less danger than the previous ones. An exchange can rarely operate as an independent unit. Let's be realistic: today, hardly any platform can work independently. Payment gateways, authorization system integration with social networks, email, call and SMS integration, a CRM system, a support service - these are only the main functions that use external services.
If you look more deeply, you can see the integration of scripts, CDNs, libraries and other tools. Any of these systems or plug-ins can be hacked, and therefore all platforms on which they are installed are automatically endangered. Is there any solution? Only a few: follow the updates, choose only reliable services and use a limited number of external tools. There must be a sound balance between speed and safety.