Blockchain/ Distributed Ledger

The digital asset exchange is the main tool for digital asset price discovery and value exchange. There are two types of exchanges: centralized and decentralized exchanges.

Centralized exchanges have been under APT attacks and most exchanges have lost part or all of user's digital assets due to breaches. Some well known incidents including Mt.Gox （2014， $460 millions, now valued at 2 Billion dollars）, Bitfinex (2016, $72 million), Binance(2019, 40 millions), etc.

Furthermore, the decentralized exchanges have gain momentum and the security risks associated with decentralized exchanges such as front running, smart contract settlement vulnerability,DNS Hijacking etc are not well studied.

CSA GCR is working on publishing Top 10 Security issues with Crypto Exchanges.

The CSA USA Exchange sub-group can focus on:

1: Minimum Security Architecture for crypto exchanges (for example, multiple tiered architecture, DB security, API security, cold wallet security, Full node sync with user's deposit and withdraw actions， etc)

2: Best Practices and stand of security procedures for exchanges.

3: Testing and security check list for implementing and operating exchanges.

4: The security considerations will be very different between centralized exchanges and the decentralized exchanges. So, we can start with centralized exchanges (which have well known security incidents) and decentralized exchanges (which has fewer incidents due to its novelty, but will gain the momentum on both usage and security incidents).

The digital asset exchange is the main tool for digital asset price discovery and value exchange. There are two types of exchanges: centralized and decentralized exchanges.

Centralized exchanges have been under APT attacks and most exchanges have lost part or all of user's digital assets due to breaches. Some well known incidents including Mt.Gox （2014， $460 millions, now valued at 2 Billion dollars）, Bitfinex (2016, $72 million), Binance(2019, 40 millions), etc.

Furthermore, the decentralized exchanges have gain momentum and the security risks associated with decentralized exchanges such as front running, smart contract settlement vulnerability,DNS Hijacking etc are not well studied.

CSA GCR is working on publishing Top 10 Security issues with Crypto Exchanges.

The CSA USA Exchange sub-group can focus on:

1: Minimum Security Architecture for crypto exchanges (for example, multiple tiered architecture, DB security, API security, cold wallet security, Full node sync with user's deposit and withdraw actions， etc)

2: Best Practices and stand of security procedures for exchanges.

3: Testing and security check list for implementing and operating exchanges.

4: The security considerations will be very different between centralized exchanges and the decentralized exchanges. So, we can start with centralized exchanges (which have well known security incidents) and decentralized exchanges (which has fewer incidents due to its novelty, but will gain the momentum on both usage and security incidents).

The digital asset exchange is the main tool for digital asset price discovery and value exchange. There are two types of exchanges: centralized and decentralized exchanges.

Centralized exchanges have been under APT attacks and most exchanges have lost part or all of user's digital assets due to breaches. Some well known incidents including Mt.Gox （2014， $460 millions, now valued at 2 Billion dollars）, Bitfinex (2016, $72 million), Binance(2019, 40 millions), etc.

Furthermore, the decentralized exchanges have gain momentum and the security risks associated with decentralized exchanges such as front running, smart contract settlement vulnerability,DNS Hijacking etc are not well studied.

CSA GCR is working on publishing Top 10 Security issues with Crypto Exchanges.

The CSA USA Exchange sub-group can focus on:

1: Minimum Security Architecture for crypto exchanges (for example, multiple tiered architecture, DB security, API security, cold wallet security, Full node sync with user's deposit and withdraw actions， etc)

2: Best Practices and stand of security procedures for exchanges.

3: Testing and security check list for implementing and operating exchanges.

4: The security considerations will be very different between centralized exchanges and the decentralized exchanges. So, we can start with centralized exchanges (which have well known security incidents) and decentralized exchanges (which has fewer incidents due to its novelty, but will gain the momentum on both usage and security incidents).

1. General guidelines/best practices for the exchange software/engines which can be derived/extracted from other work-groups (DevOps, AppSec etc.)
2. Security Framework/recommendations that are specific to Software/Modules that interact with DLT/blockchains to cover basic exchanges, P2P exchanges/interactions and DEXs
3. Assets wallets/key-management which we're addressing from the DLT perspective and can expand on with guidelines for both the Exchange and End-User sides to enhance security and minimize risks

The digital asset exchange is the main tool for digital asset price discovery and value exchange. There are two types of exchanges: centralized and decentralized exchanges.

Centralized exchanges have been under APT attacks and most exchanges have lost part or all of user's digital assets due to breaches. Some well known incidents including Mt.Gox （2014， $460 millions, now valued at 2 Billion dollars）, Bitfinex (2016, $72 million), Binance(2019, 40 millions), etc.

Furthermore, the decentralized exchanges have gain momentum and the security risks associated with decentralized exchanges such as front running, smart contract settlement vulnerability,DNS Hijacking etc are not well studied.

CSA GCR is working on publishing Top 10 Security issues with Crypto Exchanges.

The CSA USA Exchange sub-group can focus on:

1: Minimum Security Architecture for crypto exchanges (for example, multiple tiered architecture, DB security, API security, cold wallet security, Full node sync with user's deposit and withdraw actions， etc)

2: Best Practices and stand of security procedures for exchanges.

3: Testing and security check list for implementing and operating exchanges.

4: The security considerations will be very different between centralized exchanges and the decentralized exchanges. So, we can start with centralized exchanges (which have well known security incidents) and decentralized exchanges (which has fewer incidents due to its novelty, but will gain the momentum on both usage and security incidents).