As you may already know, cryptocurrency exchanges keep their client’s funds safe through the use of cold and hot wallets. Hot wallets are connected to the Internet and store funds meant for liquidity purposes. Cold wallets, a standard practice in the cryptocurrency industry, store much larger amounts.

However, improper storage of cryptocurrencies or weak security measures are responsible for 39% of the 60 exchanges that have exited the market. Even some of the most popular exchanges have fallen victim to breaches and hacks.

In this article, we’ll look at how centralised exchanges manage customer funds and how Interdax takes a different approach to ensure the security of their client’s cryptocurrencies.

How do Cryptocurrency Exchanges Manage Customer Funds?

Exchanges typically manage customer funds by using a combination of hot wallets and cold wallets. When you deposit coins to an exchange, they move the funds from your deposit address to a hot wallet which facilitates the trading of cryptocurrencies and provides a pool of liquidity for traders.

Cold wallets are not connected to the Internet and are where most funds are stored. Observers of the Bitcoin blockchain can often deduce the cold wallet addresses of an exchange, as deposits are swept regularly from customer addresses and moved to hot wallets.

If the exchange’s server is hacked, the coins in deposit addresses become vulnerable. To reduce the possiblity of attack, funds are moved to cold wallets as the balance of hot wallets increases to make sure the exchange is capitalised enough in case of a hack.

How a typical centralised exchange manages customer funds.

The diagram above simplifies the general architecture of a cryptocurrency exchange (exchanges may also utilise pre-hot and pre-cold wallets as well).

Let’s assume the exchange has three customers; Alice, Bob and Carol. Their deposits are swept into the hot wallet and there is a connection between the cold wallet and the hot wallet. The scheme illustrated above and used by most exchanges relies on P2PKH (Pay-to-Public-Key-Hash) transactions, which makes handling deposits and withdrawals easier to manage.

However, an observer can figure out which wallets are an exchange’s cold wallet and hot wallet by looking at the Bitcoin blockchain. Also, the setup outlined above can be inefficient as each transfer between customer wallets, hot wallets, and cold wallets is an on-chain transaction that requires a fee to be paid to miners.

The visualisation above illustrates how the wallets, amount of bitcoin held and behaviours of centralised cryptocurrency exchanges can be gleaned from using machine learning in combination with publicly available transaction data.

In effect, the transparency of Bitcoin’s blockchain paints a target on the backs of these exchanges, as hackers can see how much money is stored in their wallets (and how much they could potentially steal by breaching the exchange’s security measures).

How Does Interdax’s Approach to Managing Client’s Funds Differ?

Interdax maintains customer funds and wallets in a novel way. Instead of using a combination of hot and cold wallets, every customer deposit address is a 3-of-5 multi-signature address.

The master keys for these multi-signature addresses are controlled by the Interdax team and were created through a key ceremony. Numerous sub-keys can be derived from these master keys to control each multi-signature address associated with a customer’s trading account.

While this setup requires more infrastructure to be put in place as compared to other centralised exchanges, the security benefits are well worth it as we explain below.

What is a Key Ceremony?

Public-private key cryptography forms a major foundation of security in the modern world (including e-commerce and the Internet) for the past 20 years. Consequently, the process to create and store the private keys used as part of Interdax’s multi-signature scheme is proven and trustworthy.

A key ceremony involving members of the Interdax leadership team and air gapped computers generated five master public-private key pairs, guaranteeing that they are cryptographically secure, auditable and transparent.

The five master public keys are stored privately on online servers and are used to create additional sub-keys (which are public keys for each user’s wallet on Interdax) while the master private keys are held securely offline.

The multi-signature setup also removes the need to sweep coins from customer addresses. Instead, the master private keys are used to sign transactions to process withdrawals and transfer coins within the exchange. If an adversary wanted to hack the exchange, they would have to control at least three master private keys (which are isolated from the Internet and stored in different locations).

Each customer’s public key and address are created using the sub-keys. A large numnber of sub-keys are safe to generate using the master keys thanks to an unsolved mathematical problem known as the Diffie-Hellman problem.

Diffie-Hellman Key Exchange

Thousands of sub-keys (K1, K2, …, Kn) can be derived from the five master public keys (M1, M2, M3, M4, M5) held by Interdax to manage each client’s wallet using a technique closely related to Diffie-Hellman key exchange. These sub-keys are used to ensure that the deposits are made to Interdax correspond with the correct trading accounts.