
Topic: How do big exchanges take care of cold & hot wallets? (Read 140 times)

sr. member
Activity: 2520
Merit: 280
There are a lot of highly educated people on this forum, so I hope someone will come up with a good answer. Maybe some of you have even worked or still work in top exchanges.

So, does anyone know how big exchanges, like Binance and Coinbase, take care of their cold and hot wallets? They have a lot of bitcoins in their cold wallets and we all know that once your bitcoins are gone, they are lost forever. So, their cold wallets should have top-notch security. Does anyone know where and how they store their wallets, what kind of backups they do, and how employees gain access to the cold wallet in case there is a necessity? Definitely it should be accessed in a way that no one will be able to steal it, nor should employees be able to gain access to it by evil cooperation. Overall, who keeps the keys or seeds?
I will be very glad if anyone competent talks about it. It's a very interesting subject.

I really think that the situation in this case should be very similar to the decision-making process of launching nuclear weapons.
Since nobody knows how these hot and cold wallets of exchanges are taken care of, we can just speculate about the possibilities.

Well, since we know the basics: there should be hot wallets, which are supposed to provide liquidity for the withdrawals requested by users, and every deposit made also has to go through them. So the hot wallet system is more complex, since it involves multiple cryptos on different addresses with simultaneous deposits and withdrawals. The cold wallet will be very simple, like a multi-signature wallet that is stored in a highly secured place, and we can imagine something similar to bank vaults.
hero member
Activity: 406
Merit: 443

About their hot wallet, it could be about the API and the blockchain nodes and how they combined to execute automatically.
Since Binance hot wallet has been hacked several times, some press reports and statements made by CZ may give us an overview of how it works.

Quote
The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed.

Quote
We also have a number of additional security measures being implemented not directly visible on the front end.

https://www.binance.com/en/support/announcement/binance-security-breach-update-360028031711
https://www.binance.com/en/blog/all/binance-security-incident-update-2-333497959022997504

As it seems, the transition from cold storage to hot is not done automatically, but manually, according to the need to cover customer requests.
The hot wallet is separate from the platform system and they have additional methods besides the methods we are familiar with.

I think that cold storage is more complex than just Multi-Factor Authentication, as we are talking about thousands of bitcoins and a system in which cold storage does not interact with hot directly.
legendary
Activity: 2492
Merit: 1232
Ain't know either, the one who answers this might be the CZ on Binance.

But based on what I've read somewhere else before, their cold storage wallet was protected by what they called "Multi-Factor Authentication": this sensitive system typically requires multi-factor authentication, combining something you know (password), something you have (like a hardware token), or something you are (biometric data), to ensure a higher level of security.

About their hot wallet, it could be about the API and the blockchain nodes and how they combined to execute automatically.
hero member
Activity: 406
Merit: 443
It is simpler than what you imagine. They have an internal system that is completely independent of the deposit and withdrawal system.

This internal system is a big database through which all transactions are verified, fees are deducted, orders are executed, etc. All of this system is management of a central database and the blockchain has no place here.


The withdrawal and deposit system is often separate. Once you create an account on a CEX, you are given an address in the deposit and withdrawal system. You send your crypto to that address. The D&W system makes sure that you send the correct amount, and the database is notified to add a balance to your account.
The opposite happens when you want to withdraw, the amount is deducted from your account and everything is confirmed, after which the amount and withdrawal address are sent to the D&W system.

The deposit and withdrawal system manages all operations on the blockchain and calculates the average liquidity needed during a specific period, for example within a day or several hours, and thus puts the appropriate currencies in the hot wallet and all extra amount is withdrawn to the cold storage.

Cold storage is mostly via a multi-signature wallet and a hardware wallet developed specifically for the platform.
The hot wallet is similar to our wallets such as Electrum, except that it was developed to deal with big addresses according to how big the CEX is.

Everything that happens is almost the same as running a big centralized system.
It is difficult to predict the amount of bitcoin required for withdrawal, and there is a high probability that the hot wallet will be exposed to hackers, so here comes the role of the platform in the trade-off between ease of withdrawal and currency security.
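An added sketch of the flow this post describes (it is not part of the post and not any exchange's actual code): the hot-wallet float is sized from recent average withdrawals, surplus is swept to cold storage, and a refill from cold waits for a quorum of distinct approvers, as other replies in the thread suggest. The policy values, approver names, and amounts are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class FloatPolicy:
    window: int = 7          # days of withdrawal history to average (assumed)
    headroom_pct: int = 150  # hot float target as % of that average (assumed)
    quorum: int = 3          # distinct approvers needed to release cold funds
    approvers: frozenset = frozenset(
        {"ops-a", "ops-b", "sec-a", "fin-a", "exec-a"})  # hypothetical names

def target_float(daily_withdrawals, policy):
    """Hot-wallet target: average recent daily withdrawals plus headroom."""
    recent = daily_withdrawals[-policy.window:]
    if not recent:
        raise ValueError("no withdrawal history")
    return sum(recent) * policy.headroom_pct // (len(recent) * 100)

def plan_rebalance(hot_balance, daily_withdrawals, policy, approvals=()):
    """Decide the next cold/hot movement; integer amounts avoid float drift."""
    target = target_float(daily_withdrawals, policy)
    if hot_balance > target:
        # Moving funds *into* cold storage lowers exposure, so no quorum here.
        return {"action": "sweep_to_cold", "amount": hot_balance - target}
    if hot_balance == target:
        return {"action": "none", "amount": 0}
    # Count only known approvers, each once: duplicates and unknown names
    # cannot satisfy the quorum on their own.
    valid = set(approvals) & policy.approvers
    plan = {"amount": target - hot_balance, "approved_by": sorted(valid)}
    if len(valid) >= policy.quorum:
        plan["action"] = "refill_from_cold"
    else:
        plan["action"] = "refill_pending"
        plan["missing_approvals"] = policy.quorum - len(valid)
    return plan

HISTORY = [120, 90, 150, 110, 130, 100, 140]  # constructed, whole BTC per day
POLICY = FloatPolicy()

if __name__ == "__main__":
    print(plan_rebalance(260, HISTORY, POLICY))
    print(plan_rebalance(100, HISTORY, POLICY, ["ops-a", "sec-a", "ops-a"]))
    print(plan_rebalance(100, HISTORY, POLICY,
                         ["ops-a", "sec-a", "fin-a", "mallory"]))
```
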
hero member
Activity: 1778
Merit: 709
-snip-
I'm just saying that there should be a similar structure, where a decision is not made by one or two people and it needs to be verified by a lot of people, while at the same time they shouldn't be able to cooperatively steal coins. It's very interesting to know who creates the cold wallet, in what conditions, how they manage that cold wallet after that, and so on.
Well, you answered the question yourself. That's one safeguard against insider crime. If they would give a hint I think the explanation would be more technically complex.

They hold millions of dollars of customer money which is the reason they should have a security system above the standards that we have learned in this forum, they have to protect it against attacks from all directions.
legendary
Activity: 3038
Merit: 4418
I don't ask where they save it, I ask how they save it. A lot of famous people, including Vitalik Buterin, have been on this forum, and a lot of famous companies have created an ANN thread here, so that's why I expect that maybe someone knows and is willing to tell us a little bit about it.
Precisely. Giving anyone information on how they store it exposes additional attack vectors that people could exploit if they were to find any weakness with it. Most exchanges would throw different terms like "military grade hardware", "military grade encryption" but they would never tell anyone how it is stored exactly. Even if they were to tell, they could lie about it in order to mislead any adversary and keep their funds safe. Having lesser knowledge of how it is stored gives them extra time and increases the complexity of any attacks.

Hence, any comments on their security model, be it how it is stored, where it is stored, or who has access to it, are sensitive information which no one knows, and any comments on it should be treated as speculation.
hero member
Activity: 644
Merit: 661
- Jay -
Does anyone know where and how they store their wallets, what kind of backups they do, and how employees gain access to the cold wallet in case there is a necessity?
They should have multiple secure backups held by top people in management and maybe a third party storage firm.
Employees do not need access to the cold wallets.

Overall, who keeps the keys or seeds.
I will be very glad if anyone competent talks about it. It's a very interesting subject.
These are sensitive questions that users here will not be able to answer. These big exchanges cannot reveal the exact modalities of their storage without compromising on security.

- Jay -
hero member
Activity: 882
Merit: 792
The actual answer is that no one knows. It is in the best interests of exchanges or any major services to keep sensitive details like these secret. I would be rather concerned if anyone were to thoroughly understand how the security of each exchange is designed.
I don't ask where they save it, I ask how they save it. A lot of famous people, including Vitalik Buterin, have been on this forum, and a lot of famous companies have created an ANN thread here, so that's why I expect that maybe someone knows and is willing to tell us a little bit about it.

I would not agree that the security that should exist on CEX should be compared to the level of security that is present in the codes for nuclear weapons, because the latter is still far more sensitive and if hacking or abuse were to occur, it would probably mean the end of the world as we know it today.
No, I definitely don't compare the security level of CEX to the SL of nuclear weapons. I'm just saying that there should be a similar structure, where a decision is not made by one or two people and it needs to be verified by a lot of people, while at the same time they shouldn't be able to cooperatively steal coins. It's very interesting to know who creates the cold wallet, in what conditions, how they manage that cold wallet after that, and so on.

It is their trade secret
They have to hire people to create the exchange and manage cold wallets. This is a field where companies aren't very experienced, but still they hire and find solutions, so the structure of how it operates can't be a secret, to my mind.
legendary
Activity: 2898
Merit: 1253
So anyway, I applied as a merit source :)
It is their trade secret and I doubt anyone will reveal any such info on a public forum, being "educated" does not make one a god.

But we can make some educated guesses and they can be partially correct. In my opinion a general wallet structure should be a number of hot wallets to compensate the daily trading volume based on monthly or yearly averages and a number of cold wallets to support the hot wallets in times of stress. This might be automated by possibly needing human actions at some points.

I can only begin to think of the level of security they would apply to these wallets and it would be futile to guess.
legendary
Activity: 3234
Merit: 5637
About 5 years ago, I read an interesting article about how a well-known CEX approaches such things, and since then until now something has probably changed (in a positive sense). Of course, it's not logical or smart to reveal all the secrets, because that would make it easier for hackers.

I would not agree that the security that should exist on CEX should be compared to the level of security that is present in the codes for nuclear weapons, because the latter is still far more sensitive and if hacking or abuse were to occur, it would probably mean the end of the world as we know it today.

https://www.wired.com/story/coinbase-physical-vault-to-secure-a-virtual-currency/
https://pastebin.com/q3dzzWYV
legendary
Activity: 3038
Merit: 4418
The actual answer is that no one knows. It is in the best interests of exchanges or any major services to keep sensitive details like these secret. I would be rather concerned if anyone were to thoroughly understand how the security of each exchange is designed.

Some exchanges store their funds on Multi-Sig, Bitmex being one, though they didn't say how the keys are being stored. Coinbase, Gemini, etc. all say they hold the majority of the funds offline at different secured facilities on hardware modules and they are not disclosed at all. Any employees working for the exchange, or just any financial institutions in general, are required to sign an NDA. If any "ex-employee" were to disclose, they would be getting a nice lawsuit served to them.

Besides, what's the point of them saying? You should take those at face value, after all, most of their claims might not be credible most of the time. The handling of keys and transactions are not verifiable.
hero member
Activity: 882
Merit: 792
There are a lot of highly educated people on this forum, so I hope someone will come up with a good answer. Maybe some of you have even worked or still work in top exchanges.

So, does anyone know how big exchanges, like Binance and Coinbase, take care of their cold and hot wallets? They have a lot of bitcoins in their cold wallets and we all know that once your bitcoins are gone, they are lost forever. So, their cold wallets should have top-notch security. Does anyone know where and how they store their wallets, what kind of backups they do, and how employees gain access to the cold wallet in case there is a necessity? Definitely it should be accessed in a way that no one will be able to steal it, nor should employees be able to gain access to it by evil cooperation. Overall, who keeps the keys or seeds?
I will be very glad if anyone competent talks about it. It's a very interesting subject.

I really think that the situation in this case should be very similar to the decision-making process of launching nuclear weapons.