Bitcoin (BTC)

1 BTC


Ethereum (ETH)

Litecoin (LTC)


NEM (XEM)

Ripple (XRP)


Ethereum Classic (ETC)

Dash (DASH)


Monero (XMR)

Tron(TRX)


Chainlink (LINK)

Click here to start trading on the Binance exchange. Any proceeds will go towards maintaining this bitcoin forum.

     
cryptocurrency forum

Is your exchange safe?

Discussion in 'General Discussion' started by Daniel Leo, Apr 14, 2019.

  1. Daniel Leo

    Daniel Leo Beginner

    Messages:
    8
    Likes Received:
    1
    Trophy Points:
    11
    Credits
    80%
    Well, the popular exchanges have been suffered from hacking attempts,
    so I am wondering whether your exchange is safe or not
     
    Carla Lopez likes this.
  2. DennisBTC

    DennisBTC Contributor

    Messages:
    35
    Likes Received:
    2
    Trophy Points:
    8
    Credits
    28%
    Yes, I'm using CoinDeal and they have a great security protocol.

    From its website:
    SWISS OPERATIONS EMPOWERMENT.
    Even though we need to wait up to 2 years to get regulated in Switzerland, in the meantime we are already using our office located there for some of our operations:

    • Storing cold wallet keys in Swiss banks’ deposits
    • Securing company funds in Swiss banks (but not user funds yet - we need to obtain a license in order to do that).

    USER FUNDS SECURITY STANDARDS.

    Our company owns a bank account exclusively for accepting customer funds (EURO). This is possible because we have over one-year-long track record of selling Bitcoin to customers (under the brand name Verified Solutions Ltd. on [...]) - with turnover of over 10 million dollars (currently around 1.5 million USD a month).


    CRYPTOCURRENCIES SECURITY STANDARDS.

    There is absolutely no way for hackers to steal money from our platform. It is not possible neither for a hacker nor an insider (such as a programmer, devops or administrator, not even for the management of the company). Here’s why.

    • We decided to build our system using microservices architecture. This means our system is build from many independent elements. They are maintained by separate teams and not a single person has access to all modules.
    • Our innovation is that each module signs (in a similar manner to that what happens on blockchain) each request (with its private key). Other modules know its public key so they can check if the signature is correct. If some signature is missing, other modules won't accept such a request. Therefore, even if someone breaches the system but has access to all modules but one, they cannot do anything.
    • Some modules require user input, like OTP or e-mail confirmation, where only the user knows the proper answer. So, for example, no one can make a payout from the user’s account without said user’s consent - not even the administrator.

    INCOMING PAYMENTS SECURITY STANDARDS.

    • On the first day of its run, CoinDeal exchange generated many public addresses, allowing payments, and stored its private keys in secure places (including Swiss Banks).
    • We only connected the public addresses to the computer system, without their respective private keys.
    • Computer system is monitoring these addresses to check if there are any new funds. If yes, we credit funds to the user's account, without actually moving them or having access to them.
    • A separate computer system, with no connection to the first one, is collecting money from these addresses and sends them to either withdrawal addresses or cold wallets - depending on the type of transaction.
    • Money is stored on the payment addresses for no more than few days (in most cases one day at most). There is no way for someone to find out where this system is located, and even if someone does (or the owner/administrator of this system decides to steal the money), they will only have access to the incoming payments from a single day (which will be less than 1% of exchange funds and will immediately get noticed by automated systems).

    OUTGOING PAYMENTS SECURITY STANDARDS.

    • An external system is responsible for the payouts and always requests all modules’ digital signatures.
    • Additionally, we use multi-signature addresses for payouts, needing two blockchain signatures (these are other signatures than the ones used by internal system modules).
    • You might think that someone could hack this external system - but it is not possible. Here is why:
      • one system is preparing a payout while checking all the (modules’) signatures. If everything is OK, the payout is prepared and signed with a single blockchain signature
      • another system, which is offline (meaning it cannot be accessed from the internet), connects to the internet for a few seconds periodically, only to download the file with the prepared payouts (and even during this short period of time it is not visible from the outside). This system verifies all the signatures - not only the ones from modules, but also the ones from the first system. The system checks if the payout makes sense - for example, if the moved funds are relatively small and if the address belongs to the exchange. If everything is correct, it proceeds with the payout. Otherwise it requests manual check from the exchange’s staff (additional acceptance criteria). However, it is important to note that funds are stored on multisig addresses, so the system can’t make a payout without signatures from point a). It cannot modify the payouts sent from system a), as it is already signed and any modification will make the signature invalid.
    As you can see, a hacker would need to hack numerous systems, including one that is offline and unaccessible from the Internet. As you can see, it is entirely impossible.


    COLD WALLETS SECURITY STANDARDS

    • To be absolutely sure that situations like private key losses, programming errors or system failure are inconceivable, 90% of funds are stored OFFLINE and are out of reach of the computer system.
    • For the funds’ storage we use multi-signature addresses with five keyholders, whereas 3 of them are needed to move the funds.
    • Keys are assigned to particular people. In this case, if funds were stolen, it would be absolutely clear which one of these 5 people had moved the funds. Moving funds around needs consent of 3 out of 5 people. This is ensured by the blockchain on its own.
    • We have chosen these five people very carefully, since they are people of great responsibility. They are not disclosing publicly who they are, but their public keys (not the private ones) are stored in Swiss bank deposit with their names. Therefore, in case of any doubts, it can always be checked who signed a particular transfer.
    • We periodically check if all of these people still have access to their private keys. This way, we can react properly if even one of them has lost access to his keys.
    This system is used by the biggest cryptocurrency exchange markets, such as Bitfinex. It is the most secure way to store funds.


    PERSONAL DATA SECURITY STANDARDS

    • Your personal data, such as your document number or even your birth date, are stored on separate servers. This means that our primary servers do not store this data. The data are only available by request and are requested only if a certain user needs them - and of course, the user can only download their own data. So in (a purely theoretical) case of breaching our world-visible servers, a hacker would need to hack our internal servers as well, which makes it a much more complicated task.
    • A very limited number of people has access to these data. After being checked by AML specialists, the data are hidden and are not accessible to anyone anymore, unless requested by the authorities (or by the user).

    PERSONAL DOCUMENTS SECURITY STANDARDS

    • Scans of your IDs and pictures of you are stored in an external company’s (under the brand Jumio) servers.
    • These data are directly uploaded to Jumio without ever reaching our servers. This ensures that there is no possibility of your documents leaking out.
    Jumio is a well-known company, cooperating with such giants as Coinbase or Airbnb.


    SSL

    We use SSL so your data are always encrypted and cannot be eavesdropped when entering our websites.


    PASSWORD SECURITY STANDARDS

    • Your password is hashed using industry-standard algorithms, so it is never stored in plain text and is not known even to our administrators. This way, the so-called rainbow tables cannot be used to hack passwords.
    • We enforce strong passwords, so any brute force methods will not be effective either.
    • We use OTP (one time password / two factor authentication / google authenticator)
    • We use SMS authentication
     
  3. ms.nothing

    ms.nothing Beginner

    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Credits
    30%
    From the user perspective, I can 100% agree that the CoinDeal is one of the safest platforms. I've been using it for a while and I need to say that I'm quite satisfied. This platform has the most advanced security systems, which are certified. If you're more interested, you can also read more detailed information on CoinDeal's site.
     
  4. Je. O.

    Je. O. Scholar

    Messages:
    111
    Likes Received:
    10
    Trophy Points:
    18
    Credits
    3%
    I use Gemini and as far as I know, it is one of the safest exchanges.
     
  5. WhoTookMyCrypto.com

    WhoTookMyCrypto.com Contributor

    Messages:
    16
    Likes Received:
    4
    Trophy Points:
    8
    Credits
    7%
    Another good thing about Gemini is that they do have insurance to protect your holdings on the exchange. Can't post links yet but can share it once possible.

    However, as a rule of thumb, never store your crypto on exchanges. They are targeted by hackers all the time since they have vast stores of crypto.
     
    Je. O. likes this.
  6. OllieCrypto

    OllieCrypto Contributor

    Messages:
    18
    Likes Received:
    2
    Trophy Points:
    18
    Credits
    9%
    no exchange is secure
    its online, its mercurial.
    even hardware wallets can be hacked
    just minimize your exposure in whatever ways possible and be aware that you can take a loss at any time
     
  7. Marco

    Marco Contributor

    Messages:
    89
    Likes Received:
    11
    Trophy Points:
    8
    Credits
    88%
    I found some info about Coindeal and I've to agree. Their security practices are on high level, for instance 2FA, SSL, SwissSign and CloudFlare protection, email notifications and many others. There are so many positive opinions regarding their safety. It should be priority for every user, especially when there are so many scams and 'precarious' exchanges.
     
  8. MoonWalk

    MoonWalk Scholar

    Messages:
    321
    Likes Received:
    41
    Trophy Points:
    23
    Credits
    55%
    coinbase is the safest....
     
  9. MAGA

    MAGA Master of Crypto Staff Member Super Admin Premium Member

    Messages:
    724
    Likes Received:
    268
    Trophy Points:
    83
    Credits
    45%
    Rather not find out, keep most of my coins safe myself but I know that's a bit risky too lol, but at least that falls on me if I mess up
     
  10. CryptoTyro

    CryptoTyro Contributor

    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    6
    Credits
    8%
    @WhoTookMyCrypto.

    Insurance!! but there must be some charges for that
     
  11. neeraj

    neeraj Contributor

    Messages:
    63
    Likes Received:
    9
    Trophy Points:
    8
    Credits
    59%
    Insurance like safu of binance
     
  12. don

    don Contributor

    Messages:
    60
    Likes Received:
    6
    Trophy Points:
    8
    Credits
    56%
    Excoincial.com is a very good and safe exchange that allows you to trade securely.
     
    neeraj likes this.
  13. Mikkey

    Mikkey Contributor

    Messages:
    16
    Likes Received:
    1
    Trophy Points:
    8
    Credits
    7%
    I always monitor the security of my data, especially when it comes to finances. For this purpose, I use 2FA service, which provides an additional layer of protection that cannot be broken without having my phone. I have analyzed many two factor authentication solutions, but this particular 2fa platform seems to me more convenient to use. My exchange is protected by multi-factor authentication solution, so I don't worry about security issues like I think many other crypters do.
     
  14. KoinPro

    KoinPro Beginner

    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    Credits
    90%
    I am using and would recommend Binance since they are one of the top player in this segment and they do have Secure Asset Fund for the users SAFU to protect the users. During the last hack few years ago they compensated the user funds so we can trust
     
  15. Eliza Abrams

    Eliza Abrams Expert

    Messages:
    615
    Likes Received:
    14
    Trophy Points:
    48
    Credits
    23%
    Carla Lopez likes this.
  16. FutureICO

    FutureICO Expert

    Messages:
    510
    Likes Received:
    15
    Trophy Points:
    48
    Credits
    2%
    I work with FreshForex broker, so it’s a broker and it is extremely safe and secure. I enjoy it so much to do with the conditions here with low spreads, smooth trading platform, high leverage and epic deposit bonus as well. So it’s highly comfortable as well for everyone.
     
    Carla Lopez likes this.
  17. Eliza Abrams

    Eliza Abrams Expert

    Messages:
    615
    Likes Received:
    14
    Trophy Points:
    48
    Credits
    23%
    Where are they licensed?
     
  18. AFRICUNIA

    AFRICUNIA Contributor

    Messages:
    91
    Likes Received:
    2
    Trophy Points:
    8
    Credits
    90%
    My exchange is really good and safe.
     
  19. Carla Lopez

    Carla Lopez Contributor

    Messages:
    14
    Likes Received:
    1
    Trophy Points:
    6
    Credits
    4%
    I also think so
     
  20. Carla Lopez

    Carla Lopez Contributor

    Messages:
    14
    Likes Received:
    1
    Trophy Points:
    6
    Credits
    4%
    but

    well said, but I can't believe forex trading by hearing different opinion from different traders.
     

Share This Page