Bit.Team takes pride in the security of its P2P exchange
The Bit.Team DEX is proud of its security record and of the steps it has taken to ensure that traders can use the platform with confidence.
Bit.Team is a blockchain technology start-up, launching a new global multi-currency exchange. This decentralized P2P exchange is already at the beta testing stage.
The company is planning an ICO in the next few months. They note that the funding from this ICO will go towards further expansion of the company, as a working product already exists.
In a recent interview reported in Forbes, the co-founder and CEO of Bit.Team, Anatoly Berdnikov, talked about how secure their exchange was.
“Proof of the system’s security is the fact that there has not been even one successful break into our system despite more than 1,000 registered cases of hacker attacks, which the company has managed to successfully track and prevent. This has led to not even one dollar being lost!”
Cybersecurity is a critical element in any online financial transaction, whether this be for fiat or for cryptocurrencies. And it becomes even more critical if you are in the exchange business.
This article will look at some recommendations for security for exchanges and compare this to what Bit.Team is doing.
Centralized vs decentralized — which is more secure?
Many people believe that centralized exchanges are best placed to ensure security because they generally have more development resources, a security team, hidden servers and other responses. However, there are multiple reports of centralized exchanges being hacked, from Mt Gox in 2014 to Coincheck, Bitgrail, Coinrail, Bithumb and Bancor in 2018.
Bancor was particularly interesting and contentious. This is meant to be a decentralized exchange. But when $23.5 million was stolen from its hot wallet, almost half of which was its own BNT tokens, Bancor immediately froze these tokens. As one person noted:
An exchange is not decentralized if it can lose customer funds OR if it can freeze customer funds. Bancor can do BOTH. It’s a false sense of decentralization. https://t.co/22UYygIhEF
— Charlie Lee [LTC⚡] (@SatoshiLite) July 10, 2018
Decentralized exchanges are still fairly unproven. It will be up to new entrants such as Bit.Team to prove that they are secure.
Typical security features for exchanges
Reputable exchanges will have a number of security features in place and will have a dedicated team to closely monitor all transactions.
Certain information such as user passwords should be encrypted. A password should be stored as a hash value in the database. Even the staff of the exchange should never be able to view a password in plain text.
Two-factor authentication (2FA)
Most logins require a username and password. As an additional layer of security, an authenticator application can be used to let the user also enter a one-time PIN that has been sent to their phone before being granted access. Some systems use biometric data (for example a fingerprint, eye scan or facial recognition) as the authenticator. Many exchanges provide 2FA as an optional feature, but it should probably be compulsory.
Email and SMS notifications
Sending an email or SMS notification to users confirms any transactions that they have undertaken on their accounts and alerts them to any activity that is not theirs. Some exchanges, including Bit.Team, use social media platforms like Telegram for this messaging, thus adding the security of that platform to the action.
Most experts recommend that at least 95% of funds should be kept in cold storage — i.e. not connected to the internet. A rule of thumb is not to leave more in a hot wallet than you can afford to lose.
Exchanges should have a system of air-gapped cold storage. This involves isolating a computer or network so that it cannot establish any internet connection. It must not be able to connect wirelessly or physically with other computers or network devices. There are strict protocols about the distance a device can be from outside walls and even mobile phones.
Wallets are protected by private keys, known only to the owner. Funds cannot be moved from a wallet without a private key.
A further layer of security is added if more than one private key is required to allow for the movement of funds. This requirement for more than one “signature” can be for all transactions or for transactions above a certain limit, and so on.
KYC and AML
Many exchanges use companies dedicated to managing the know-your-customer and anti-money-laundering aspects of the business. For example, a company like ComplyAdvantage uses artificial intelligence (AI) to screen and update user profiles. It allows for automated customer onboarding, the monitoring of transactions, verification of IP addresses and can pick up suspicious patterns of behavior.
Most reputable exchanges will also have a dedicated group of staff members whose task is to monitor transactions and identify anything suspicious. It was a risk management team such as this that picked up and stopped a phishing and hack of the Binance exchange in March 2018.
Many hacks are also the result of sloppiness in the way development is managed and documented. Version control, separate test environments, dedicated QA teams, institutionalized change control and penetration tests of the security profile should all be standard practice.
In addition to these features, features typical of website security should be enabled. This includes protection against SQL injection and XSS, server-side and form validation, directory lockdowns and permissions.
Too many exchanges are being set up by developers and speculators who do not have an in-depth understanding of financial services systems, regulations and accounting practices. This knowledge base is critical if a crypto exchange is to become at least as secure as traditional banking systems.
Security features on the Bit.Team DEX
The main focus in developing the Bit.Team exchange was that it should be user-friendly and simple to use. At the same time, it is incredibly secure and complex, according to its CEO, Anatoly Berdnikov.
Critical to this is the experience base of the team. Together they have over 70 years of experience in blockchain and cryptocurrency technologies. Their sister project WALLBTC has more than 30,000 daily active users and is one of the biggest online exchange platforms in the CIS (Commonwealth of Independent States) region.
Berdnikov is known to be supportive of regulation in the cryptocurrency world, believing that it will lead to much wider adoption. He and his team make sure that they are compliant with all fintech regulations and they work with three international legal firms to ensure that they match the laws and regulations all around the world.
All information on the system is encrypted and protected via cryptographic keys. These keys are also highly secured and are accessible only by the CTO and the CEO. A two-man multisig system means that the CTO and the CEO must each hold a key, and both keys must be brought together to unlock any information. Berdnikov compares this to the American system where both the President and the Secretary of Defense jointly authenticate the use of nuclear weapons.
The main anti-hacking feature of the Bit.Team exchange is that it does not hold the funds of users. These funds always remain in the traders’ own wallets — which means that traders themselves must take responsibility for their security. A hack of the exchange will not give access to these wallets.
Multi-tiered levels of security are available to traders, and they can select what suits them best. This includes a specialized cold wallet, optional two-factor authentication and limits on the size of transactions unless KYC and AML verification procedures have been complied with.
A unique security feature for traders is the Bit.Team “blocked deposit” system. Cryptocurrency is blocked on the seller’s account until the buyer makes the payment, and then the currency is released. Both buyer and seller are protected by this system. In the case of a dispute, a Bit.Team member will act as arbiter.
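The blocked-deposit flow described above, written as a small state machine in which every action is checked against the caller's role. This is an added example, not Bit.Team's code: the state names, the `Deal` class and the rule that only the buyer may cancel before payment are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum


class State(Enum):
    OPEN = "open"          # deal agreed, nothing blocked yet
    LOCKED = "locked"      # seller's coins are blocked
    PAID = "paid"          # buyer reports the payment as sent
    DISPUTED = "disputed"  # waiting for the arbiter
    RELEASED = "released"  # terminal: coins go to the buyer
    REFUNDED = "refunded"  # terminal: coins unblocked for the seller


# (current state, action) -> (roles allowed to perform it, next state)
TRANSITIONS = {
    (State.OPEN, "lock"): ({"seller"}, State.LOCKED),
    (State.LOCKED, "mark_paid"): ({"buyer"}, State.PAID),
    (State.LOCKED, "cancel"): ({"buyer"}, State.REFUNDED),
    (State.PAID, "release"): ({"seller"}, State.RELEASED),
    (State.PAID, "dispute"): ({"buyer", "seller"}, State.DISPUTED),
    (State.DISPUTED, "release"): ({"arbiter"}, State.RELEASED),
    (State.DISPUTED, "refund"): ({"arbiter"}, State.REFUNDED),
}


class EscrowError(Exception):
    """Raised when an actor attempts a transition the rules do not allow."""


@dataclass
class Deal:
    seller: str
    buyer: str
    arbiter: str
    state: State = State.OPEN
    audit: list = field(default_factory=list)

    def __post_init__(self):
        # An arbiter who is also a party could decide in their own favour.
        if len({self.seller, self.buyer, self.arbiter}) != 3:
            raise EscrowError("seller, buyer and arbiter must be distinct")

    def act(self, actor, action):
        roles = {self.seller: "seller", self.buyer: "buyer", self.arbiter: "arbiter"}
        allowed, nxt = TRANSITIONS.get((self.state, action), (set(), None))
        ok = roles.get(actor) in allowed
        # Denied attempts are logged as well as successful ones.
        self.audit.append((actor, action, self.state.value, "OK" if ok else "DENIED"))
        if not ok:
            raise EscrowError(f"{actor} may not {action} in state {self.state.value}")
        self.state = nxt
        return self.state
```

Because the table has no entry that lets the seller withdraw from `LOCKED` or the buyer release from `PAID`, neither side can end the deal in its own favour without the other party or the arbiter.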
Also important for both buyers and sellers is a peer rating system. Everyone can rate their experience with other traders, giving confidence to others that they are dealing with legitimate traders.
The Bit.Team DEX promise: simple, secure and fast
The Bit.Team promise is that their exchange will be simple, fast and secure. In a previous article, we described some of the technical and conceptual IP behind the project. Here we have looked at the security features.
Time will tell how successful the exchange will be. But it certainly seems that they have given a significant amount of attention to ensuring that it will be secure. This is good news for traders.