JuCoin Exchange: Build CEX’s indestructible security line in multiple dimensions

JuCoin Exchange always adheres to the principle of “safety first”.

The construction of the exchange’s security system is a complex and continuously evolving systematic project that requires multi-level and in-depth defense to effectively reduce risks and ensure the security of user assets.JuCoin Exchange has always adhered to the principle of putting security first. This article will use JuCoin as an example to analyze the construction and defense practices of the CEX security system.

Core principles for building a security system

JuCoin Exchange’s security system is built based on the following six core principles and aims to create an all-round and multi-level security protection network:

• defense in depth (Defense in Depth): JuCoin adopts multiple layers of security measures to set up multiple barriers at all levels such as network, system, data, and application. Even if a single security layer is breached, there are still other levels of protection, effectively increasing the difficulty and cost of attacks.
• principle of least privilege Principle of Least Privilege: JuCoin strictly controls the permissions of system users and processes, granting only the minimum permissions needed to complete its functions. This effectively reduces security risks caused by abuse or disclosure of rights and reduces potential losses.
• Continuous monitoring and rapid response (Continuous Monitoring and Incident Response): JuCoin has established a 7×24-hour monitoring system to monitor abnormal behavior in the system in real time and form a rapid response team. Once a security incident occurs, it can be quickly located, isolated and repaired to minimize losses.
• Security audits and penetration testing (Security Audit and Penetration Testing): JuCoin regularly conducts internal and external security audits and commissions top international security agencies to conduct penetration testing. By simulating hacker attacks, proactively discover potential vulnerabilities and repair them in time to ensure that the system remains safe and reliable.
• Compliance and Regulation (Compliance and Regulation): JuCoin actively embraces supervision, applies for licenses globally, and strictly abides by relevant laws, regulations and industry standards. Compliance operations not only enhance the credibility of the exchange, but also are an important cornerstone for protecting users ‘rights and interests.
• User safety education (User Security Education): JuCoin continues to invest in user security education, enhance user security awareness through multiple channels, educate users on how to use strong passwords, enable dual-factor authentication, etc., and jointly build a more secure transaction environment.

 Key technologies and measures for CEX security defense JuCoin Exchange Practice

JuCoin Exchange has implemented the above security principles into specific technologies and measures, building a multi-dimensional and three-dimensional security defense system:

• Network Traffic Analysis System (Advanced Threat Detection Systems): JuCoin has deployed an advanced AI-driven threat detection system to achieve comprehensive security:
• real-time monitoring: Monitor network traffic, system logs, user behavior, etc. in real time around the clock to detect abnormal activities in a timely manner.
• Behavior Analysis: Adopt behavioral analysis technology based on machine learning and artificial intelligence to identify suspicious behaviors that deviate from normal patterns, such as abnormal logins, large transfers, suspicious transactions, etc.
• threat intelligence: Connect to the world’s leading threat intelligence platforms, such as AlienVault OTX, get the latest threat information, update defense strategies in a timely manner, and respond to known and unknown threats.
• Intrusion detection and prevention system (IDS/IPS): Deploy enterprise-level IDS/IPS systems, such as Fortinet, to detect and block malicious network attacks, such as DDoS attacks, SQL injection, cross-site scripting attacks, etc.

Smart contract security audit (Smart Contract Security Audit): JuCoin conducts strict security audits on all smart contracts it uses to ensure code security:

• Code Audit: Adhere to strict Code Audit conducted by the world’s top third-party security audit company to ensure the security, reliability and compliance of contract codes.
• vulnerability scanning: Use automated vulnerability scanning tools such as Trail of Bits Slither to quickly detect known security vulnerabilities in smart contracts.
• formal verification: For key smart contracts related to core businesses, introduce formal verification technologies, such as Isabelle/HOL, to mathematically prove the correctness and security of the contract code and minimize risks.
• continuous monitoring: After the smart contract is deployed, it will continue to monitor and work with security agencies such as PeckShield to discover and repair new vulnerabilities in a timely manner.

Operating principle and management of multi-sign wallet (Multi-signature Wallet Operation and Management): JuCoin adopts multi-signature wallet technology and combines strict management systems to ensure asset security:

• multi-signature principle: Multi-signature wallets require multiple private keys to be jointly authorized to conduct transactions. Even if some private keys are leaked, attackers cannot transfer assets alone, greatly improving security.
• key management: The private keys of the multi-sign wallets are stored discretely in physically isolated HSM hardware security modules and are kept by core security team members distributed in different locations around the world. A complete key management process has been established, which complies with ISO27001 standards.
• authority control: Reasonably set the signature threshold and authority allocation of multi-signature wallets. Critical transactions require 3/5 or even higher signatures to be executed to ensure transaction security and efficiency.
• operational flow: Establish an extremely strict multi-signature wallet operation process, such as transaction initiation, multi-level approval, multi-party signature, broadcasting and other links. All operations need to be recorded in detail and subject to security audit.

Hot and cold wallet management solution (Cold and Hot Wallet Management): JuCoin has implemented an advanced separate storage solution for hot and cold wallets to maximize the security of user assets:

• Cold wallet storage: The vast majority of user assets (more than 99%) are stored in physically isolated offline cold wallets. The cold wallets are physically isolated from the network and monitored 24 hours a day by dedicated personnel, greatly reducing the risk of being attacked by hackers.
• Hot wallet use: Only a very small amount of money (less than 1%, far below the industry average) is stored in hot wallets and is only used to support daily operations and user quick withdrawals. Hot wallets are deployed under a multi-layered security protection system, such as multiple signatures, strict access control, real-time security monitoring, etc.
• Fund transfer process: Establish a bank-level hot and cold wallet fund transfer process. Transferring funds from cold wallets to hot wallets requires strict multiple authorizations and security audits to ensure that the fund transfer process is safe and controllable.
• regular audits: An independent third-party auditor regularly audits the storage and transfer of funds in hot and cold wallets to ensure the safety of funds and clear accounts.

Implementation of multi-signature technology (Multi-signature Technology Implementation): JuCoin has always been at the forefront of the industry in the implementation of multi-signature technology:

• technology selection: Flexibility to select the most suitable multi-signature technology solution based on the specific needs and security levels of different currencies and business scenarios. Currently, a variety of advanced technology solutions are adopted including multi-signature based on HSM hardware wallets and multi-signature based on MPC (Multi-Party Computing). solution.
• parameter configuration: Based on the risk assessment results, reasonably configure multi-signature parameters, such as dynamically adjusting signature thresholds, key number, key types, etc., to achieve the best balance between security and ease of use.
• safe implementation: When implementing multi-signature technology, special attention is paid to the secure generation of keys, high-intensity encrypted storage, off-site backup and disaster recovery, as well as the all-round security design of the transaction process.
• compatibility: When selecting technology, fully consider the seamless compatibility of multi-signature technology with the exchange’s existing systems and business processes to ensure that while improving security, no new security risks are introduced and the user experience is optimized.

Warnings for major typical incidents

Looking back on the development history of cryptocurrency exchanges, there have been many major security incidents, which have sounded the alarm for the industry:

Mt.Gox Exchange Theft (2014): Mt.Gox, the largest bitcoin exchange in the early days, eventually went bankrupt due to multiple theft incidents, warning CEX that it must attach great importance to private key security and timely repair of system vulnerabilities.

Coincheck Exchange Theft (2018): Japanese exchange Coincheck stole NEM coins and lost huge losses, once again emphasizing the importance of hot and cold wallet separation and multi-signature technology.

Binance (Binance) Exchange Theft Incident (2019): 7000 bitcoins were stolen from the Binance Exchange, indicating that API security management is also an indispensable and important part of CEX security.

KuCoin Exchange Theft (2020): The theft of a large amount of cryptographic assets from the KuCoin Exchange once again reminded CEX of the need to continue to strengthen internal security management and supply chain security.

Since its establishment, JuCoin has never had any major security incidents. Thanks to its always adhering to the principle of putting safety first, it continues to invest huge amounts of money and technical strength to build and continuously upgrade the exchange’s security system.

 Analysis and reflection on the theft of Bybit’s cryptographic assets

Recently,The Bybit Exchange suffered a $1.4 billion theft of crypto-assets, once again triggering in-depth thinking in the industry about CEX security. The analysis pointed out that this incident is likely to be an APT attack launched by Lazarus Group (North Korean hacker group), targeting Bybit’s Ethereum multi-sign cold storage wallet, which is called the largest cryptocurrency theft in history. The preliminary analysis report also points to Operational Security failure.

(Speculation):

1.  Early penetration and malicious contract deployment: Attackers may have begun to infiltrate the Bybit exchange system as early as February 19, 2025 or even earlier, lurking and deploying malicious contracts for a long time.

2.  Locating multi-sign wallets and replacement contracts: The attacker accurately located the multi-sign cold wallet storing a large amount of ETH assets on the Bybit exchange, and replaced the Safe implementation contract of the Bybit multi-sign cold wallet with a pre-deployed malicious contract on February 21. This is the most critical step in the attack.

3.  Key disclosure or cracking and multi-signature authorization bypass: An attacker may have previously stolen or cracked a sufficient number of multi-signature private keys, and after the malicious contract replacement is completed, used a backdoor function to bypass the normal multi-signature authorization mechanism, successfully transferring the US$1.4 billion worth of ETH and stETH assets in Bybit Ethereum cold wallet. 

4.  The tide of coin withdrawals and industry mutual assistance: The theft of the Bybit exchange caused market shocks and user panic. Many exchanges such as Bitgewww.gushiio.comXC, KuCoin, etc. provided industry mutual assistance, easing Bybit’s liquidity pressure and market panic.

CEX security weaknesses:

• Operational security risks are the core weakness: The Bybit incident shows that even with high-security technologies such as multi-signature and cold wallet, operational security management vulnerabilities can still lead to catastrophic security incidents.
• advanced persistent threat (APT)Defense capabilities need to be improved urgently: CEX needs to deploy more advanced and intelligent threat detection and defense systems, and establish a professional security team and APT attack and defense drill mechanism to effectively improve its defense against unknown advanced threats.
• Key management complexity and risks coexist in multi-sign wallets: Multi-signature wallet technology improves security, but it also brings complexity to key management. Negligence or loopholes in any link may introduce new security risks. We must not be overly superstitious about the technology itself, but also pay attention to the implementation and management of the technology. details.
• Insider risk is always One of the biggest challenges to CEX security: CEX security is highly dependent on the professionalism, professional ethics and safety awareness of internal personnel. It is necessary to continue to strengthen internal security management, establish a sound internal risk control system, and minimize internal personnel risks.

Building a more secure CEX system: JuCoin Exchange’s multi-dimensional security improvement solution

To build a more indestructible In the CEX system, JuCoin continues to improve security in the following dimensions based on existing security technologies and measures:

Continue to strengthen the Advanced Threat Detection System Network Traffic Analysis System:

• deep integration AI and machine learning: Increase investment in AI and machine learning, train more advanced threat detection models, improve threat intelligence analysis capabilities, and achieve more accurate identification and prediction of unknown threats.
• Build more comprehensive security information and incident management (SIEM) system: Further upgrade the SIEM system, integrate more comprehensive security data, optimize log analysis and correlation analysis algorithms, achieve centralized monitoring, intelligent analysis and rapid response to security incidents across the platform, and shorten the average response time (MTTR) for security incidents to minutes.
• full deployment UEBA (User and Entity Behavior Analysis) System: The UEBA system has been fully deployed to monitor user and entity behavior patterns in real time, automatically identify abnormal behaviors based on AI algorithms, and achieve proactive discovery and accurate early warning of risks such as internal threats, account theft, and API abuse.
• Normalized and actual combat red team drill mechanism: Using the red team exercise as a normalized security operation mechanism, the red team composed of the world’s top security experts simulates real hacking scenarios, conducts comprehensive and high-intensity penetration testing and practical testing of the exchange’s security defense system, and continues to discover and Repair potential and deeper security vulnerabilities.

 

Continue to strengthen smart contract security audits:

• Implement more stringent audit standards: Implement smart contract audit standards that are much higher than the industry average. Based on existing Code Audit, vulnerability scanning, formal verification, etc., introduce more advanced audit technologies such as Fuzzying and Symbolic Execution to achieve 100% code coverage testing of smart contract code and ensure zero vulnerabilities and risks of smart contract code.
• Implement the multi-party + cross-audit mechanism: Maintain in-depth cooperation with top international security audit companies and innovatively introduce the multi-party audit + cross-audit mechanism in important smart contract audits to maximize the objectivity, comprehensiveness and professionalism of the audit.
• establish“Vulnerability Bounty Plan: Continue to operate and upgrade the vulnerability bounty plan, significantly increase the amount of the vulnerability bounty, establish a closer cooperative relationship with the global white-hat hacker community, and build an innovative security defense system for global white-hat hackers to jointly build security.
• establish“Smart contract security vulnerability rapid response and hot repair mechanism: Establish a 7×24-hour rapid response and hot repair mechanism for smart contract security vulnerabilities to ensure that vulnerability analysis, repair plan formulation, code hot repair, security testing, online deployment, etc. are completed in a very short time. The entire process shortens the average repair time for smart contract security vulnerabilities to hours and minimizes the risk of vulnerabilities being exploited.

 

Continuously optimize the operating principle and management of multi-signature wallets:

• fully upgraded HSM hardware security module: Comprehensively upgrade the HSM hardware security module, adopt a new generation of HSM hardware with higher security levels and higher performance, and introduce a multiple HSM hardware redundant backup mechanism to improve the security of multi-signed wallet private keys to the extreme.
• Innovative introduction“Key fragmentation + geographical location decentralization technology: Based on Secret Sharing, the concept of geographical location decentralization is innovatively introduced to disperse and store key fragments of multi-signature wallets in multiple locations around the world with extremely high security factors. Physical location, eliminating the risk of private key leakage from the physical level.
• build“Biometric + hardware token + geographical location triple authentication and authorization mechanism: In the multi-signature transaction process, innovatively build a biometric + hardware token + geographical location triple authentication and authorization mechanism to increase the security of authentication and authorization. Strength has been increased to unprecedented heights.
• create“Full-process traceability, all-round visualization, and fully automatic intelligent security audit log and monitoring platform: We have invested heavily in building a new generation of security audit log and monitoring platform to realize full-process recording, all-round visual display, and all-round automatic intelligent analysis and real-time risk warning to achieve all-round security audit and monitoring of pre-warning, inter-process blocking, and post-event traceability.

 

Continue to improve hot and cold wallet management solutions:

• Introduce AI-driven dynamic hot and cold wallet intelligent balancing system: Innovatively introduce an AI-driven dynamic hot and cold wallet intelligent balancing system, based on AI algorithms to predict key indicators such as exchange transaction volume, user withdrawal demand, and market fluctuation risk in real time, dynamically and intelligently adjust the proportion of funds in hot and cold wallets to minimize the proportion of funds stored in hot and cold wallets.

• explore“Fully automated, zero-manual intervention hot and cold wallet fund transfer technology: On the premise of ensuring absolute security, actively explore fully automated, zero-manual intervention hot and cold wallet fund transfer technology, such as using cutting-edge technologies such as Trusted Computing Environment (TEE) and Multi-Party Computing (MPC) to minimize the risks that may be introduced by manual operations.

• build“Multi-dimensional, three-dimensional, and intelligent linkage hot wallet security protection system: Build a multi-dimensional, three-dimensional, and intelligent linkage hot wallet security protection system. For example, on the hot wallet server, deploy dozens of security protection technologies and security devices, and all security devices and systems are intelligently linked to achieve the highest level of security protection with a single point of threat triggering and coordinated defense across the platform.

• construction“Multi-active disaster recovery centers in the same city + off-site + overseas areas: Build a multi-active data center and disaster recovery system in the same city + off-site + overseas areas to realize real-time synchronous backup and second-level switching of all key data to ensure that in any Extreme circumstances, the exchange business can operate continuously, stably and safely.

Protecting the assets of crypto investors: The ultimate mission of the JuCoin exchange

Establishing the world’s most secure and trustworthy cryptocurrency trading platform to maximize the protection of cryptoinvestors ‘property security is JuCoin’s eternal original intention and mission. JuCoin will continue to invest massive resources, continuously innovate security technologies, iterate security systems, optimize security processes, strengthen security management, and unswervingly build the most indestructible security defense line for global encryption investors, so that every user who chooses JuCoin can truly Conduct cryptoasset transactions with peace of mind, confidence and security, and jointly embrace the bright future of cryptocurrency.

summary

CEX’s security construction is a systematic project with no end point and continuous evolution. It requires endless learning and innovation, and continuous learning and integration of the most advanced security technologies and best security practices. JuCoin Exchange will continue to adhere to the principle of putting security first, continuously improve security protection capabilities, and provide users with safe, reliable and trustworthy cryptographic asset trading services.

attention JuCoin gets the latest information

Website:https://www.jucoin.com

Twitter：https://www.gushiio.com/JuCoin_CN

Telegram：https://www.gushiio.com/jucoinex_zh/1

Welcome to join the official social community of Shenchao TechFlow

Telegram subscription group: www.gushiio.com/TechFlowDaily
Official Twitter account: www.gushiio.com/TechFlowPost
Twitter英文账号：https://www.gushiio.com/DeFlow_Intern