Centralised exchanges prefer to conceal how they secure customer funds, following the principle of security through obscurity. The less an attacker knows about a platform’s inner workings, the harder it is to exploit potential weaknesses.
However, the OKX team believes clients have a right to know how the platform holds their assets. Transparency is one of bitcoin’s core tenets and a hallmark that sets crypto apart from TradFi.
This article outlines OKX’s hot- and cold‑wallet system and the exchange’s Proof‑of‑Reserves audits.
Hot wallet
Like many crypto exchanges, OKX uses two kinds of wallets: cold (offline) and hot (online). Hot wallets are connected to the internet and therefore vulnerable to hacking, but they allow faster processing of withdrawal requests.
“Our hot wallets hold only 5% of total assets, but they still demand close attention to security because most hacker attacks target them. When a CEX is hacked, funds are usually stolen from hot wallets,” the exchange’s representatives note.
The private keys to OKX’s hot wallets are generated and encrypted on semi‑autonomous signing devices held by three employees in different countries.
The keys have backups stored in bank safe‑deposit boxes in three jurisdictions. If a key holder becomes unavailable (including through death or amnesia), the exchange uses a backup within 48 hours. To defend against offline attacks, private keys are kept in device RAM rather than persistent storage.
After key generation, the holders set up a semi‑autonomous 2‑of‑3 multisignature scheme.
“The hot wallet monitors all user deposits on‑chain. A transaction to an OKX address is routed to storage, its details are recorded in a dedicated database and then into the risk‑management system. The latter checks the origin of funds, the amount and the transaction’s blockchain confirmations,” OKX comments.
According to the exchange, the risk‑management system also reviews outgoing transactions and watches for anomalous client behaviour:
“Withdrawal requests that pass checks are moved to storage. The system automatically creates an unsigned transaction, which is then sent for semi‑autonomous multisignature via a special network protocol. This approach effectively makes it impossible for a third party or hacker to obtain the private key.”
Unsigned outgoing transactions are checked for anomalies by a separate semi‑autonomous risk‑management system, which serves as a second layer of defence for the hot wallet.
A transaction is signed and broadcast to the blockchain only after both systems approve it. If a withdrawal request fails a check, OKX delays or cancels the signature.
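The approval flow described in this section, modelled as an added example (not OKX's code): a withdrawal is broadcast only when both risk layers approve and at least two of the three holders have signed the exact unsigned transaction. HMAC stands in for the signing devices' signatures, and the limit, flag list, field names and the "cancelled" / "awaiting-signatures" outcomes are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed values: HMAC keys stand in for the three holders' signing devices.
SIGNER_KEYS = {"holder-1": b"k1-demo", "holder-2": b"k2-demo", "holder-3": b"k3-demo"}
THRESHOLD = 2                      # 2-of-3, as in the article
LIMIT_BTC = 25.0                   # hypothetical per-withdrawal limit
FLAGGED_ACCOUNTS = {"acct-777"}    # hypothetical anomaly flags

def digest(tx):
    """Canonical hash of the unsigned transaction; every approval is bound to it."""
    return hashlib.sha256(f"{tx['to']}|{tx['amount_btc']:.8f}|{tx['nonce']}".encode()).digest()

def sign(holder, tx):
    """Stand-in for a device signature over the transaction digest."""
    return hmac.new(SIGNER_KEYS[holder], digest(tx), hashlib.sha256).hexdigest()

def first_layer_ok(request):
    """Risk check on the withdrawal request (assumed rules: flag list and limit)."""
    return request["account"] not in FLAGGED_ACCOUNTS and 0 < request["amount_btc"] <= LIMIT_BTC

def second_layer_ok(request, tx):
    """Independent check that the unsigned transaction still matches the approved request."""
    return (tx["to"], tx["amount_btc"], tx["nonce"]) == (
        request["to"], request["amount_btc"], request["id"])

def valid_holders(tx, signatures):
    """Holders whose signature verifies against this exact transaction."""
    return {h for h, sig in signatures.items()
            if h in SIGNER_KEYS and hmac.compare_digest(sig, sign(h, tx))}

def decide(request, tx, signatures):
    """Return 'cancelled', 'awaiting-signatures' or 'broadcast' for one withdrawal."""
    if not (first_layer_ok(request) and second_layer_ok(request, tx)):
        return "cancelled"             # either risk layer can veto, whatever was signed
    if len(valid_holders(tx, signatures)) < THRESHOLD:
        return "awaiting-signatures"   # fewer than two valid signatures over this tx
    return "broadcast"

# Constructed sample data.
REQUEST = {"id": 1001, "account": "acct-42", "to": "bc1q-constructed-address", "amount_btc": 1.5}
TX = {"to": REQUEST["to"], "amount_btc": REQUEST["amount_btc"], "nonce": REQUEST["id"]}
TAMPERED = dict(TX, to="bc1q-other-constructed-address")
SIGS = {h: sign(h, TX) for h in ("holder-1", "holder-3")}

if __name__ == "__main__":
    print(decide(REQUEST, TX, SIGS))
```

Because each signature covers the transaction digest, approvals collected for one transaction do not count towards a modified one, and a full set of signatures cannot override a risk-layer veto.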
Cold wallet
Cold wallets are not connected to the internet. That protects them from hacks but slows withdrawals from the exchange.
“Any online equipment is vulnerable by its nature. Although we devote substantial resources to maintaining the semi‑autonomous multisignature system, it cannot be deemed safe because it is connected to the internet, so we store 95% of funds in cold wallets,” OKX notes.
Private keys are created as follows:
- Bitcoin software generates 10,000 private keys and corresponding addresses on a computer that is disconnected from the internet;
- OKX specialists encrypt them using AES on another offline computer and set a master password, which is held by two employees in different countries;
- all 10,000 original keys are deleted;
- the address and the encrypted private key are displayed as a QR code on the offline computer;
- that QR code is scanned from another computer to publish the cold‑wallet address and receive top‑ups from hot wallets. Each address is used only once;
- the QR code of the encrypted key is printed and stored at a bank. Even if the key holder is abducted, the document itself remains safe because retrieval requires an in‑person visit;
- OKX employees create additional backup copies of the QR codes, kept in different bank vaults. There are currently two backups, each accessible by a different person. The employees with access to the safe‑deposit boxes and those with the AES passwords are four different people.
A cold wallet can hold up to 1,000 BTC. No address is reused after its first outgoing transaction.
Withdrawals involve the following steps:
- an OKX employee retrieves the encrypted private keys by scanning a QR code on a computer that is disconnected from the internet;
- the AES master password decrypts the keys on the offline computer;
- the employee scans the QR code, imports it to another computer and signs the transaction.
After signing, the transaction is broadcast to the network via a USB device.
OKX Risk Shield and Proof‑of‑Reserves
To cover a potential breach, OKX has created the Risk Shield reserve fund. It is regularly topped up with a share of trading fees.
In addition, the exchange publishes monthly Proof‑of‑Reserves (PoR) audits. According to the latest report for December, the platform holds $14.9bn in assets.
The backing comprises 22 assets, including bitcoin, Ethereum, Tether (USDT) and USD Coin (USDC). According to DeFi Llama, as of January 2024 the reserves’ “purity” stands at 97.9%.
“As far as we know, OKX is the only exchange that has provided reports for more than 14 consecutive months. Throughout this period, the reserve ratio has remained at 100% or higher.
Coin Metrics co‑founder Nic Carter called OKX’s proof of reserves one of the best among major centralised exchanges. He cited OKX’s reliability, the professionalism of its management, its commitment to transparency and the overall quality of the PoR as reasons for such a high assessment,” the exchange’s representatives comment.
In April 2023, OKX implemented zk‑STARK zero‑knowledge proofs in its Proof‑of‑Reserves mechanism, enabling users to verify the exchange’s solvency independently.
Takeaways
Since Mt Gox, reports of hacks at centralised exchanges have been a regular occurrence. In 2023 alone, hackers breached the hot wallets of CoinEx, Poloniex and HTX.
Such cases are a reminder that CEXs are ill‑suited to long‑term storage of substantial sums of crypto. Hardware wallets or non‑custodial options such as OKX Wallet are better choices.
Even for short‑term trading, it pays to choose a reliable platform that invests heavily in security. OKX does not hide how it stores funds, allowing users to make an informed decision about whether to entrust the exchange with their money.
