As a semi-decentralized cryptocurrency exchange designed for institutional investors, LGO needs to have a strong security approach referring to what banking institutions, funds and governments have been relying upon for the last decades on exchanges: reliability, transparency and security. This implies the respect of strict and unchangeable rules.

Our Golden rules

In order to ensure the highest level of security and to eliminate all possible risks, LGO decided to follow strict guidelines:

End-to-end security

Two-man rule

Mistake proofing

Full Recovery procedures

No unilateral control on our clients’ assets

End-to-end security

Encrypting communication between local wallets and distant exchange services is not enough, security is required on each end point. Since LGO is based on multisignature transactions, each key involved should be securely stored and used.

All private keys are systematically stored in a secure hardware component. Customers and partners are required to use smart card based Hardware Wallets (HW), and LGO services keys are stored on Hardware Secure Modules (HSM).

From authentication challenges to transactions, signatures are always done directly inside secure elements.

Two-man rule

The two-man rule, also known as the four-eyes principle, is a control mechanism designed to achieve a high level of security for especially critical material or operations. Under this rule all access and actions require the presence of two authorized people at all times. — Wikipedia

Historically, “the two-man rule” has been designed to prevent accidental or malicious nuclear strikes.

On LGO’s system, we use the two-man rule for operations defined as critical which need a manual double check like transaction executions, new release deployments to production and access to the server.

Transactions

As presented in our post “A New Approach To Crypto Asset Management”, LGO exchange will systematically offer two 2-of-3 multisig wallets (storage and trading wallets) to clients.That means a minimum of two signatures are needed to transfer funds. Transactions are always initiated by a first party and confirmed by another one: clients and LGO for the storage wallet, LGO and the clearing house for the trading one.

Deploying to production

Deploying a new release to production is a sensitive process. The changes need to be isolated, tested, approved and can then be released on-demand, once ready, to guarantee their efficiency. We cannot afford to deliver new versions without an efficient checking workflow including regression testing. It requires at least 2 people, to make the migration in live environment.

Server access

Our servers, the ones that store LGO’s private keys, will be hosted in different locations around the world and their access will be restricted. It’s essential to thoroughly protect LGO activity from the impact of any crisis. Our architecture is being designed to comply with the requirements of a business continuity plan to protect our platform and users’ data.

Two granted and identified people need to be physically present at the location at the same time to enter the servers room.

Mistake proofing

Cryptocurrency transactions on the Bitcoin network are designed to be irreversible and no central entity has control over them.

A fat-finger error is a keyboard input error in the financial markets such as the stock market or foreign exchange market whereby an order to buy or sell is placed of far greater size than intended, for the wrong stock or contract, at the wrong price, or with any number of other input errors. — Wikipedia

To avoid any fat-finger error, traditional stock exchanges have tight deadlines to request a cancellation or a rollback transaction, within 30 or 60 minutes of the trade execution.

However, the Bitcoin’s base layer transactions on the blockchain are irreversible. The history of transactions cannot be computationally changed or modified.

This is why LGO will gradually release different levels of protection against fat-finger errors. Firstly, a warning system will be set up to alert clients if they are about to place an order with a price out of market. Moreover, we estimate machine learning can advise our clients, and play an integral role in LGO’s ecosystem by proposing a fruitful panel of applications. Machine learning will definitely be a lever to minimize the risk of user mistakes and to detect suspicious actions.

We absolutely understand that providing a transaction cancellation feature within an allowed time window will be an extra security we want to make available in the future.

Full Recovery procedures

Cryptocurrency is mainly based on two principles: the private key’s ownership and the irreversible nature of transactions made on the blockchain.

We all know that if you can not access or own your private key for any reason, you do not own your coins anymore. On LGO’ exchange, the client’s access and private key ownership are safe thanks to the third party involved in the user multisig wallet, that play the role of safety guard to retrieve the third key. This service, as a backup solution, is essential and crucial to secure the user’s crypto funds.

The death of the billionaire Matthew Mellon, the 16th of April earlier this year, at the age of 54, revived the debate on this topic.

Matthew Mellon made his fortune in cryptocurrency, turning a $2 million investment into $1 billion, in Bitcoin and Ripple.

His digital assets are stored in cold wallets across the US and protected by a password no one knows except him. It makes the cryptocurrency irrecoverable for relatives.

LGO’s backup service would fend off this monumental issue and provide a secure way to access the asset via a trusted third party.

No unilateral control on our clients’ assets

Current centralized crypto-exchanges have full control over their clients’ funds. They hold the funds of their clients within their own bank accounts, and hold cryptocurrencies on their own wallets which creates a huge counterparty risk: a client is never sure of the balances held on a cryptocurrency exchange, until they withdraw the funds from it.

This is not the way traditional capital markets work: NASDAQ, Euronext, NYSE do not hold their client’s funds. They use the services of custodians and clearing firms, companies which purpose is to store assets, and take the custody risk away from the exchange.

Our pledge is to bring the professionalism of the traditional financial world to the cryptocurrency space. As such, we do not hold our clients’ funds which makes LGO effectively riskless to trade on.

Our clients’ fiat funds will be stored in their own brokerage account held by a third party regulated custodian. The fiat funds stored in this account are owned by the clients and will never go through LGO’s own accounts. As to our client’s cryptocurrencies, they will be held within our clients’ own storage and trading wallet. These wallets are held by the clients, and they are individual. If a client has 100 BTC on his trading wallet, he will be able to check this information on the Bitcoin blockchain by looking up his trading wallet address. In order to remove the counterparty risk that a lot of institutions face when trading cryptocurrencies on centralized fiat-to-crypto exchanges, we have decided to adopt the structure of a traditional exchange: we don’t hold nor control the funds of our clients.

Rules to keep users asset safe

Bitcoin has certainly revolutionized the way people do business transactions today. Bitcoins also come with security shortcomings and if our clients are not aware of some security and safety tips they could end up being victims. Every golden rule is here to stay and has been conscientiously thought through in order to bring security, fairness and transparency in to LGO’s exchange.