Pages:
Author

Topic: 🔵🔵🔵 Announcing TradeBtc European Exchange 🔵🔵🔵 (Read 195 times)

newbie
Activity: 164
Merit: 0
Is the phone sms working for registrations? or just use 2FA
We encourage you to use 2FA
Yes, SMS auth working, sure!
When will you fix the verification procedure? This error has been ongoing since May !? "413 Request Entity Too Large"
newbie
Activity: 452
Merit: 0
because when I send the documents for verification of the account the page turns off ?? I've been trying for 2 weeks ....
jr. member
Activity: 129
Merit: 1
Hey, have some time if you want help, or to ask questions.
newbie
Activity: 24
Merit: 0
Is the phone sms working for registrations? or just use 2FA
We encourage you to use 2FA
Yes, SMS auth working, sure!
copper member
Activity: 10
Merit: 0
We announce an incentive for the first 20 Users Only - get $5 in BTC and 100 Xor on your TradeBtc wallets addresses for deposits for registered and verified profiles only! Post your receiving BTC and XOR addresses ( from the TradeBtc wallets that is)  here and we will top up your wallets!
copper member
Activity: 10
Merit: 0
Is the phone sms working for registrations? or just use 2FA
We encourage you to use 2FA - but SMS works as well
newbie
Activity: 1
Merit: 0
Is the phone sms working for registrations? or just use 2FA
newbie
Activity: 24
Merit: 0

Is good to see someone with technical knowledge backing up their product. I hope it will be a successful exchange
Thanks, man. In fact, after reading the comments I decided to encrypt all sensitive data (not only DB), which makes a lot of sense, as then if there is a breach the only thing an attacker could do would be to mess the instance, but won't be able to transfer coins.

copper member
Activity: 10
Merit: 0
One thing that should be mentioned here is that TradeBtc is NOT some exchange off the shelve and installed by some Dev on a VPS. It is a highly customized exchange that took into account 1- security 2- stability 3- reliability 4- redundancy
newbie
Activity: 8
Merit: 0
Still an incentive or discount is needed for the first to join IMHO
newbie
Activity: 26
Merit: 0
When will ETH ?
newbie
Activity: 7
Merit: 0

If you are so confident why don't you offer a bounty for hackers?
No, I am not over-confident, only stupid people would be so. But speaking about the bounty offered to hackers, you would be amazed that we did it, via a shared testing of the platform. We learned then the weakness (very few though) and then took measures to fill gaps.

As I explained on a different topic, at this point not the code itself might be faulty for most of online exchanges, but their architecture. You cannot expect a poorly written php code running on a VPS to withstand a serious attack. Same if the host machine can communicate directly to the blockchain, then any insider can run code from that instance on shell do things.

So, basically, hacking  a server is a complex orchestred attack on several (sometimes one major) vulnerabilities. This is why as hacker techniques evolve so must the security do, to keep up with latest realities.

I am giving you a simple example: let's assume (though, as I have said, it is basically imposible seeing how paranoid AWS engineers are) a hacker gets access to the main instance: looks for wallets (without them cannot steal coins) and find them encrupted. Let's say he finds the key and decrypt them and start sending cURL commainds to the API that processes the requests. All requests are manually appoved by 2 admins at API level. The hackers must take small amounts in order to not withdraw attention. But within a day somebody should see that the account has been hacked (as the API post back the transactions so the amounts are deducted from users accounts) and the damage is limited. But again assuming that a hacker gets access to the server is a very extreme scenario.
Is good to see someone with technical knowledge backing up their product. I hope it will be a successful exchange
newbie
Activity: 24
Merit: 0

If you are so confident why don't you offer a bounty for hackers?
No, I am not over-confident, only stupid people would be so. But speaking about the bounty offered to hackers, you would be amazed that we did it, via a shared testing of the platform. We learned then the weakness (very few though) and then took measures to fill gaps.

As I explained on a different topic, at this point not the code itself might be faulty for most of online exchanges, but their architecture. You cannot expect a poorly written php code running on a VPS to withstand a serious attack. Same if the host machine can communicate directly to the blockchain, then any insider can run code from that instance on shell do things.

So, basically, hacking  a server is a complex orchestred attack on several (sometimes one major) vulnerabilities. This is why as hacker techniques evolve so must the security do, to keep up with latest realities.

I am giving you a simple example: let's assume (though, as I have said, it is basically imposible seeing how paranoid AWS engineers are) a hacker gets access to the main instance: looks for wallets (without them cannot steal coins) and find them encrupted. Let's say he finds the key and decrypt them and start sending cURL commainds to the API that processes the requests. All requests are manually appoved by 2 admins at API level. The hackers must take small amounts in order to not withdraw attention. But within a day somebody should see that the account has been hacked (as the API post back the transactions so the amounts are deducted from users accounts) and the damage is limited. But again assuming that a hacker gets access to the server is a very extreme scenario.
newbie
Activity: 7
Merit: 0
Because he can’t. Hackers will always find a way. If you know anything about crypto you will realize that all the hacks were because of insiders info or cracks into the exchanges security
newbie
Activity: 8
Merit: 0
OK guys, I had this account for a few months, when I first tested the exchange. Meanwhile we kept testing and hold it before integration of oracol coin. I didn't want to trully go live before all security aspects being crystal clear.

We opted for a delay in going live so that all might be thoroughly tested. I have been working for an year and 3 months on this platform, which started with the security in mind, seeing the large number of later hacking incidents on various exchanges. I personally found bitgo not only very usefull when it comes to securing the exchange, but also keeping the record clean, as everything is mirrored within their interface.

I have been extremly concerned about a secure trading envorinment, I constantly strived to cover all known issues, we put the code on separate redundant instances on a private subnet, separating DB and making it unreachable directly from outside. The final step will be to put on top of it a WAF, which will filter extremely tight inbound and outbound traffic.

With bitgo withdraw filters in place, even if (absurdly speaking) somebody would gain access to the instance (though it is impossible, seeing that the access is made via private ssh keys), it would be impossible to steal coins as bitgo offers an exra layer of security by setting the API to manually approve the withdrawals. The SMS authentication of transaction would require a phone number to be stealed in order to even think to hack an individual account.

We closed a deal with our ING Belgium bank for fiat, so here the things are straighforward, we do not take money into 3rd countries as even largest exchanges do, creating a vulnerability.

I would like to udnerscore once again that this is not a simple exchange, but trading platform, whicn means at OS level there is a trading engine working according to any stock exchange rules: if an user sells let's say for 1.000 units and buyer offers 1.100, the deal is closed at 1.000, as the SEC actually requires. Additionally, the bids and asks can be cancelled any time before transaction being completed, a user and a seller will finally agree on their own price, without depending on 3 party quotations. The wallets are generated via bitgo (HD wallets) and not depend on any other external provider.

Overall, tradebtc.eu offers all services, from wallet creation and management, new wallets for each transaction if user choose so, a strong real time trading platform, secured storage if needed (but users can withdraw money right away in their own external wallets), free deposits on everything, 0.16% trading and withdrawal crypto fees (on bitgo coins there is their fee, 0.25%, but it does fully worh for the extra security layer it adds), we hope to lower bitgo fees in the future. For fiat the minimum deposit is 10 units (usd, gbp, eur) paypal accepted but if you want to withdraw fiat you may expect 1% flat fee or 15 units flat fee if the 1% is lower than 15, becaause all fiat transactions are done manually and signed with a digipass.
If you are so confident why don't you offer a bounty for hackers?
newbie
Activity: 7
Merit: 0
What is the wait time for a bank deposit ?
copper member
Activity: 10
Merit: 0
newbie
Activity: 24
Merit: 0
OK guys, I had this account for a few months, when I first tested the exchange. Meanwhile we kept testing and hold it before integration of oracol coin. I didn't want to trully go live before all security aspects being crystal clear.

We opted for a delay in going live so that all might be thoroughly tested. I have been working for an year and 3 months on this platform, which started with the security in mind, seeing the large number of later hacking incidents on various exchanges. I personally found bitgo not only very usefull when it comes to securing the exchange, but also keeping the record clean, as everything is mirrored within their interface.

I have been extremly concerned about a secure trading envorinment, I constantly strived to cover all known issues, we put the code on separate redundant instances on a private subnet, separating DB and making it unreachable directly from outside. The final step will be to put on top of it a WAF, which will filter extremely tight inbound and outbound traffic.

With bitgo withdraw filters in place, even if (absurdly speaking) somebody would gain access to the instance (though it is impossible, seeing that the access is made via private ssh keys), it would be impossible to steal coins as bitgo offers an exra layer of security by setting the API to manually approve the withdrawals. The SMS authentication of transaction would require a phone number to be stealed in order to even think to hack an individual account.

We closed a deal with our ING Belgium bank for fiat, so here the things are straighforward, we do not take money into 3rd countries as even largest exchanges do, creating a vulnerability.

I would like to udnerscore once again that this is not a simple exchange, but trading platform, whicn means at OS level there is a trading engine working according to any stock exchange rules: if an user sells let's say for 1.000 units and buyer offers 1.100, the deal is closed at 1.000, as the SEC actually requires. Additionally, the bids and asks can be cancelled any time before transaction being completed, a user and a seller will finally agree on their own price, without depending on 3 party quotations. The wallets are generated via bitgo (HD wallets) and not depend on any other external provider.

Overall, tradebtc.eu offers all services, from wallet creation and management, new wallets for each transaction if user choose so, a strong real time trading platform, secured storage if needed (but users can withdraw money right away in their own external wallets), free deposits on everything, 0.16% trading and withdrawal crypto fees (on bitgo coins there is their fee, 0.25%, but it does fully worh for the extra security layer it adds), we hope to lower bitgo fees in the future. For fiat the minimum deposit is 10 units (usd, gbp, eur) paypal accepted but if you want to withdraw fiat you may expect 1% flat fee or 15 units flat fee if the 1% is lower than 15, becaause all fiat transactions are done manually and signed with a digipass.
newbie
Activity: 8
Merit: 0
Do you give any benefits to start ?
Yes. There are no incentives to join. As new members we must have some sort of discount
newbie
Activity: 7
Merit: 0
Do you give any benefits to start ?
Pages:
Jump to: