Before I tar and feather Bitfinex and BitGo in the next section, I want to reiterate that we are serious about security. Here are the ways in which BitMEX secures customer funds:
We don’t have one. We never have since our start in 2014. It is the biggest attack vector for Bitcoin exchanges. Removing this vector greatly reduces the likelihood of losing customer funds.
Hot wallets are convenient but have major pitfalls. Because there is no human intervention involved in the signing of transactions, it is the preferred place by which hackers steal Bitcoin. By the time exchange operators discover a breach in their hot wallet, the Bitcoin is long gone and cannot be recovered.
SatoshiLabs claims that over 1 million Bitcoin have been stolen in hot wallet thefts, the largest being BFX & Mt. Gox. We will not take this risk and users should shun exchanges that hold significant user funds in hot wallets.
Hot wallets can be used smartly, with daily limits & manual refill review. Such rigor is rare but BitMEX plans to implement such a hybrid system by the end of the year. It will not be quickly done – we do not take such a buildout lightly.
End To End Multi-Signature Wallets
All BitMEX customer funds are held in multi-signature wallets. We were the first-ever exchange to hold 100% of customer funds in multisig wallets. We do not use or trust any third-party solutions.
At BitMEX, 2 of 3 partners must sign each withdrawal. If that condition isn’t met, then funds cannot be spent. All signing happens on offline machines.
All transactions are manually reviewed and signed by the partners. Because our withdrawal process is manual, we only do it once per day at 13:00 UTC.
The BitMEX trading engine is written in KDB+/q, the premier number crunching platform used by major banks & trading desks. It is extremely fast – and rather than use that headroom for vanity numbers like “1,000,000 executions per second”, we use it for safety. The BitMEX trading engine continuously audits itself at every execution. All user balances always sum zero.
This is a big deal – it means that if a single Satoshi goes missing, is transferred improperly, or a hacker simply spoofs a balance by editing the database (as may have been used in the Mt. Gox hack), the trading engine immediately shuts down.
We don’t just audit our internal database for consistency. We use both internal and external Blockchain services to ensure all balances have a source that we control.
From source to destination, all balances on BitMEX are traced on every execution. If a single satoshi goes missing, trading automatically halts.
Does that sound inconvenient if there’s a bug or rounding error? Yes, it is. Because of this continuous audit, BitMEX doesn’t have rounding errors, balances are always accurate, and the math always adds up. We believe all companies handling other people’s money should have the same rigor.