How Crypto Exchanges Simultaneously Maintain Security and Liquidity of Our Assets

By rah | 6 Feb 2026


This morning I decided to have a deep dive into a fundamental question when it comes to our interactions with large exchanges in that there must at the same time be superior levels of security and client access. With this in mind I found myself asking the following question.

How do large crypto exchanges like Coinbase secure their crypto assets and keep them tradable at the same time?

Coinbase isn’t amazing and is well known for its expense but I persist with it primarily because of its security features and the insurance that protects customer assets.

This article does not represent an endorsement of Coinbase; make your own decisions based on what you have found for yourselves.

The fact is that crypto exchanges like Coinbase walk a tightrope. They must keep billions in assets ultra-secure while also maintaining enough liquidity for millions of users to be able to access their assets at the same time. The approach they take is not to store all customer funds in one place. Instead, they use a layered architecture that separates storage from liquidity.

This starts with the core model, which is a hot-cold wallet split. The hot wallets represent 2–10% of all assets; they are connected to the internet and made available for customer withdrawals, market-making and internal liquidity. In traditional terms they can be thought of as being like a cash register, and naturally it follows that they are strictly limited in size to reduce risk. The other 90–98% are kept in cold storage, i.e. offline, in hardware modules or encrypted physical vaults that are geographically distributed across multiple secure facilities. Multi-party approval (MPC / multisig) is required to move funds and, again using a traditional banking model, the cold storage could be thought of as being the bank vault.

The use of MPC offers a greater level of security because it means, very simply, that no single person or server ever holds the full private key of any user; rather, such keys are shared across multiple secure systems. Furthermore, any transaction requires multiple shares to sign, and in the event of any system failure the attacker gets nothing.

Additionally, exchanges make extensive use of Hardware Security Modules (HSMs) as part of their security architecture. These are tamper-proof devices often used by banks and militaries. They can be used to generate private keys inside the device while at the same time preventing them from ever being exported. HSMs are also responsible for enforcing signing policies (limits, whitelists, rate controls) and can be thought of as crypto safes with programmable rules.

So, security aside, we still need to have access to our assets for trading and withdrawing purposes. I have not included uploading fiat because, other than being a receiving platform, this does not include any risk of removing assets illicitly.

Obviously, exchanges need to keep enough funds online to handle high-frequency trading, flash crashes and sudden withdrawal spikes. Much of this is achieved through automated rebalancing, in which algorithms monitor hot wallet levels and respond accordingly. For example, when liquidity drops, a controlled withdrawal from cold storage is triggered. Such a withdrawal is additionally secured through the use of multi-party approval and strict logging.
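A sketch of the rebalancing loop described above, as an added example that is not from the article or any exchange's code: a monitor raises a refill request when the hot wallet falls below a floor, and funds move only after approvers from enough distinct teams sign off, with every outcome logged. The 2% floor is the low end of the article's 2–10% range; the 5% target, the three-team quorum and all class and function names are assumptions.

```python
from dataclasses import dataclass, field

HOT_FLOOR_BPS = 200    # refill below 2% of total (low end of the article's range)
HOT_TARGET_BPS = 500   # assumed refill target: 5% of total
QUORUM_TEAMS = 3       # assumed: approvals needed from this many distinct teams

@dataclass
class RefillRequest:
    amount: int
    approvals: dict = field(default_factory=dict)   # approver -> team
    done: bool = False

    def approve(self, approver, team):
        self.approvals[approver] = team

    def has_quorum(self):
        # Count teams, not people: two approvers from one team are one vote.
        return len(set(self.approvals.values())) >= QUORUM_TEAMS

class Custody:
    def __init__(self, hot, cold):
        self.hot, self.cold, self.log = hot, cold, []

    def check_liquidity(self):
        """Return a RefillRequest when the hot wallet is under the floor, else None."""
        total = self.hot + self.cold
        if self.hot * 10_000 >= total * HOT_FLOOR_BPS:
            return None
        req = RefillRequest(amount=total * HOT_TARGET_BPS // 10_000 - self.hot)
        self.log.append(("refill_requested", req.amount))
        return req

    def execute(self, req):
        """Move funds cold -> hot only with quorum and only once; log both outcomes."""
        if req.done or not req.has_quorum():
            self.log.append(("refill_denied", req.amount, sorted(req.approvals)))
            return False
        self.cold -= req.amount
        self.hot += req.amount
        req.done = True
        self.log.append(("refill_executed", req.amount, sorted(req.approvals)))
        return True
```

Counting teams instead of individuals is what stops two colleagues on the same team from approving a transfer between themselves.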

The fact is that most trades never touch the blockchain and can almost be thought of as a merry-go-round, i.e. User A sells Bitcoin, then User B buys Bitcoin, and the exchange simply updates its internal ledger. This has the additional advantage of keeping trading fast and cheap.


Exchanges like Coinbase further secure client assets by insuring against hot wallet breaches and putting best practice in place when it comes to risk management. This includes monitoring and limiting withdrawal velocity and using address whitelisting. Coinbase also uses behavioural analytics to detect suspicious activity.

So, this is all done to counter external threats, but sometimes it is the enemy within, and so it is necessary to have protocols and practices in place to prevent insider attacks. In simple terms this involves a lot of division and multiplicity, in that key shares are held by different teams, frequently spread across different countries, and under no circumstance can a single employee move funds. Any actioned transaction would also require biometric verification and the physical presence of the employees.

To underpin their entire security architecture, large exchanges have dedicated security teams who monitor the systems in real time and make use of bug bounty programs and custom-built custody infrastructure. The system is also subjected to frequent pen-testing (penetration testing – “ethical hacking”) to check its robustness and highlight any flaws in the overall security of the systems. This is in stark contrast to many smaller exchanges, which are more hackable simply because they often rely on single-server hot wallets.

So all in all, the security infrastructure is made as impenetrable as possible through a wide range of protocols including the usage of diverse storage solutions, limited employee access and automation while at the same time these same protocols ensure enough liquidity to give clients the access they need.

So, I suspect, when glitches appear (e.g. temporary inability to access assets on Coinbase) it is down to these security and liquidity issues, and especially – certainly in Coinbase’s case – such glitches tend to occur during hot trading periods, which is a strong indicator that assets need moving from cold to hot storage to facilitate client requirements.

Hope that has been both informative and reassuring.

As always stay safe and well my friends.
