Offline storageOnline storage

Secure online storage design

Offline asset storage — cold wallets — are the safest vaults for cryptocurrency. But crypto exchanges require ready access to some funds to deposit and withdraw funds for users. It’s possible thanks to online storage known as hot wallets.

Since hot wallet systems are connected to the internet, operating them safely is a bigger challenge. We created our own semi-offline multi-signature mechanism. It supports quick, secure, and convenient deposits and withdrawals.

Our hot wallet architecture

Our hot wallets use multiple technical solutions for greater convenience and security. We have semi-offline multi-signature mechanisms, online and semi-offline risk management systems based on big data. Multiple risk management methods verify deposits and withdrawals before sending them to blockchain.

Our security design philosophy

Secure private key storage

It’s impossible to compromise our semi-offline servers even via a physical attack. We store private keys in RAM instead of permanent memory.

Semi-offline signatures

We don’t use the typical TCP/IP protocol for network communication. Instead, we use a semi-offline signature service that makes online attacks virtually impossible.

Distributed authorization

Our multi-signature system requires several confirmations from authorized employees who are geographically separate and have backups in place.

Emergency backups

We’re prepated for various emergency scenarios with multiple backups and extensive redundancy plans.

Specifics of our security protocol
Generation of private keys and backupsHot wallet depositsHot wallet withdrawals

Private key generation

ー Three private keys are randomly generated, encrypted and stored on semi-offline signature devices held by three separate authorized employees.

ー Any two private key owners are prohibited from traveling together at any time. All three private key owners are prohibited from being in the same region at the same time.

Private key backup

ー Each private key has a backup.

ー The backups are stored in secure bank vaults in three different regions.

Conditions for activating private keys

ー Two of the three key owners are required to authorize the activation of their semi-offline signature devices in different high-security physical locations.

ー Private keys are stored in the devices’ RAM modules in secure locations, preventing unauthorized access even in the case of a physical attack.

Conditions for activating private key backups

ー If any private key owner has an accident that could result in permanent loss of the private key, a backup key is activated within 48 hours.

ー If any private key owner is compromised and there’s a risk of losing the key, we shall immediately pause withdrawals, reset passwords, and enable backups within 48 hours. After this, a new private key owner is designated.

ー If any private key owner temporarily can’t perform their duties due to an accident or confidentiality obligation, a backup key is enabled within 30 days.

We track blockchain transactions with different solutions. The blockchain gateway service finds all transactions related to OKX addresses. The vault system records these transactions in the internal database. The online risk management system checks deposit info and address validity.

The online risk management system reviews all deposit transactions for validity of funds, amounts, and deposit frequency.

If any deposit transaction fails to pass our risk management checks, the treasury service delays funding.

Similar to deposit transactions, our online risk management system analyzes withdrawals for any anomalies in user behavior.

Withdrawal transactions that pass the risk management checks are sent to our vault system. The system then creates unsigned transactions and sends them for signature. Since we use a specialized semi-offline multi-signature mechanism, it’s virtually impossible for attackers and hackers to compromise any private keys in the process.

The second layer of our hot wallet security is the semi-offline risk management system. It analyzes unsigned transactions for anomalies. An unsigned transaction is only approved for signature once it passes both risk management system checks. All signed transactions are sent from the vault to our treasury and blockchain gateway service for broadcasting. If any unsigned withdrawal transaction fails to pass our risk management checks, we delay or cancel signing. Thus, our hot wallets can stop large withdrawals from malicious parties quickly and protect you from online attacks.

Core features of our security protocol

Our private key management system integrates decentralized storage

Each private key has a backup.

We have many emergency scenarios that allow us to enable backups.

We keep private keys in our semi-offline signature devices’ RAM, preventing both online and offline attacks.

We have multiple risk detection and management mechanisms to to prevent suspicious assets flows.

Benefits of our security protocol

Our security systems are designed to keep private keys safe against both online and offline attacks.

Our extensive backup and contingency plans aim to minimize withdrawal downtime due to emergencies and unforeseeable circumstances.

Our risk management systems flag and prevent suspicious deposits and withdrawals.