- Crypto processing
- Exchange of fiat and cryptocurrency
- Clients' payments acquiring in cryptocurrency on the merchant's website
- Fiat-cryptocurrency purchase with the payments by Visa and MasterCard
- Cryptocurrency custody services
- Creation of investment accounts for clients, purchase of shares in investment portfolios
Projects implemented on the platform:
DoroEX, purchase and exchange of cryptocurrency
AlteWay, crypto acquiring and investments
- Two-factor authentication
- KYC via Sumsub and linking limits to its level
- Card payment (visa/mastercard)
- Payment to the own client's personal wallet, without crediting to the client's balance on the platform
- fiat: card payment, bank transfer
- crypto: blockchain address generation for the payment to the platform
Exchange within the client's area:
- Fiat to crypto, crypto to fiat, crypto to crypto
- According to exchange rate plus platform fee
- Fiat withdrawal, SEPA payment
- Crypto withdrawal to the client's wallet: 1) manually by the operator from the platform's hot wallet; 2) integration with the exchange platform (Binance) - automatically generated orders of payment through the account on the binance
Acquiring on the merchant's website
Payment receiving in crypto
- Convert fiat amount to crytpocurrency (at the current exchange rate plus platform's fee)
- Address generation for receiving crypto from the buyer
- The widget displays status of the purchase - pending, paid, partially paid
- Funds are credited to the balance of the trader on the platform
- Generating and deleting API keys for connecting a widget on your site
- Withdrawal and exchange - similar to the described above
- Buyer payment history with statuses
Client's investment account opening.
Adding of client investment agreements and investment portfolios.
Displaying returns on portfolio.
Admin interface (platform administration)
Access restriction by IP addresses, two-factor authentication.
Merchant, buyer and customer management.
Platform turnover and revenue statistics.
Processing of withdrawal orders.
Confirmation of incoming payments, processing of cases of partial payment.
- for exchange
- for cryptocurrency purchase
- for withdrawal
- fixed and percentage
- general per platform, for a certain currency or individual for merchant/customer
The service does not have direct access to the cryptocurrency. All the funds are stored on the cold wallets, that only administrator has access to. Possible attack vectors that can lead to the loss of funds, and ways to counter them:
- Attack on the administrator, social ingeneering, in order to gain access to cold wallets.
Counteraction: following best practices in personal cryptocurrency wallets storage and management.
- Attack on servers in order to spoof withdrawal order.
Counteraction: vulnarability tracking in the installed software, update software to the latest version, using of white list of IP addresses for the access.
- Attack on the ustomer in order to generate withdrawal order to the intruders' wallets.
Counteraction: two-factor onfirmation of the withdrawal order, disclaimer in case the customer loses control over his device with Google Authenticator.
- Substitution of the generated address of the BTC wallet, to which the transaction is made.
Counteraction: similar to “Attack on servers in order to spoof withdrawal order”, deposits monitoring to the cold wallet, payment function disabling in suspitious situation.
Functions to be launched in the following release
- To accept deposits in ETH, USDT (ERC20), USDC (ERC20) to the operator's wallet
- Creation of orders for the sale/purchase of cryptocurrencies on the exchange platform while the client is doing exchange
- API for integration with B2B clients (primarily for fiat payment platforms that add crypto transactions to their clients area).
- Integration with the exchange platforms for the accepting deposits in crypto to the exchange account
- To accept deposits in USDT (TRC20) to the operator's wallet
- Update of client area UI
- Cryptocurrency management through multisig "2 of 3" (the server generates the transactionand signs it with its own key, the operator checks and signs with its own one, after that the transaction is finished. The third key is a backup.)
Screenshots of the projects that are launched on our platform
The functionality may differ from the above mentioned and what is planned for development.
Client area, dashboard
Crypto payments widget
List of received payments
Client cabinet, withdrawal request
Merchant API Keys