The digital asset exchange is the main tool for digital asset price discovery and value exchange. There are two types of exchanges: centralized and decentralized exchanges.
Centralized exchanges have been under APT attacks, and most exchanges have lost part or all of users' digital assets due to breaches. Some well-known incidents include Mt.Gox (2014, $460 million, now valued at 2 billion dollars), Bitfinex (2016, $72 million), Binance (2019, 40 million), etc.
Furthermore, decentralized exchanges have gained momentum, and the security risks associated with them, such as front running, smart contract settlement vulnerabilities, DNS hijacking, etc., are not well studied.
CSA GCR is working on publishing the Top 10 Security Issues with Crypto Exchanges.
The CSA USA Exchange sub-group can focus on:
1: Minimum security architecture for crypto exchanges (for example, multi-tiered architecture, DB security, API security, cold wallet security, full node sync with users' deposit and withdrawal actions, etc.)
2: Best practices and standard security procedures for exchanges.
3: Testing and security checklist for implementing and operating exchanges.
4: The security considerations will be very different between centralized exchanges and decentralized exchanges. So, we can start with centralized exchanges (which have well-known security incidents) and decentralized exchanges (which have fewer incidents due to their novelty, but will gain momentum in both usage and security incidents).
------------------------------
Ken Huang
------------------------------