C3 Exchange: safe data storage, secure operations.

The report of the international company Group-IB specializing in the prevention of cyberattacks states, that along with a sudden increase in interest to cryptocurrencies, dozens of attacks on cryptocurrency services have occurred. From 2016 to 2017 the number of compromised user accounts of crypto exchanges increased by 369%. In January 2018 the number of incidents increased by 689% compared with the average monthly indicator of 2017.
One of the main priorities for the development team of C3 exchange was security. According to the team leader of C3 exchange as well as one of the best programmers on Golang, it is difficult to hack our exchange.
“In fact, it is more difficult to hack our exchange because we have just abandoned some unsafe “bicycles” by going in a simpler and more reliable way: publicly or indirectly available services never know about the existence of services that need to be protected and vice versa . In internal services there is even no Internet 😄»
Most of the time the development team, including the team leader, tests each new module of the exchange on the local server. For additional security before the official launch of the exchange the pentest by third-party programmers will be also conducted.
“On security issues — we understand and know a lot of possible attacks but we can not protect the user from his own mistakes without limiting him in some ways, for example, using the password” abcdefgh “,” 123456 “or others who simply reduce account security to zero. Therefore, we simply cut the user’s capabilities and add a bunch of micro instructions on this topic”
For example, users will not be able to use the passwords that were previously compromised. They will not be allowed by the system at registration. The selection of the password is even further complexed by the fact that there is almost no limit on the length of the password and the waiting time between attempts to enter the password exponentially grows with every wrong input.
In addition, users’ wallets for security are stored separately what makes it impossible to get data by intruders. Moreover, even the team itself does not have access to the users’ wallets. The encryption key is unknown, in order to learn it, you need to rewrite half of the system which will lead to the loss of data.
“ For intance, you broke through to our provider, found our servers among tons of them, and somehow logged in to the server. And what? This person still will not get the data“
“Cold” wallets are used to store the principal amounts of cryptocurrency. They are disconnected from the Internet which prevents cybercriminals from stealing funds from the exchange when it is hacked.
Also, correctly made API with a limited set of functionality will not create a threat to C3 exchange security. We give an opportunity for users who know how to program and use their public API to manage their account. But at the same time private information will be unavailable from the public API, only the name and email if the authorization is correct.
Drawing on the experience of the largest crypto exchanges, we took into account all unsafe algorithms and avoided them. We made a reliable C3 crypto exchange. On C3.Exchange you can trade both crypto and traditional assets as well as use professional trading tools. Trade, invest, earn on C3.Exchange already in October.
