Cryptocurrency platform Axioma CryptoPSP

Task

AXIOMA creates a universal cryptocurrency platform, on the basis of which you can offer cryptocurrency services that provide your clients with financial solutions in different configurations. In other words, we are developing a modular system that contains all the components of a crypto banking.
We use this platform to create custom projects for our clients, as well as to launch our own projects together with business partners.
We are constantly adding new functionality, and below you can see the modules that have already been released.
The date of the last update: 04.08.2022

Result

Key features

  • Crypto processing
  • Exchange of fiat and cryptocurrency
  • Clients' payments acquiring in cryptocurrency on the merchant's website
  • Fiat-cryptocurrency purchase with the payments by Visa and MasterCard 
  • Cryptocurrency custody services
  • Creation of investment accounts for clients, purchase of shares in investment portfolios

dashboard

Projects implemented on the platform:

DoroEX, purchase and exchange of cryptocurrency

AlteWay, crypto acquiring and investments

Client's area

Registration, authentication

  • Two-factor authentication
  • KYC via Sumsub and linking limits to its level

Cryptocurrency purchase

  • Card payment (visa/mastercard)
  • Payment to the own client's personal wallet, without crediting to the client's balance on the platform

Deposits

  • fiat: card payment, bank transfer
  • crypto: blockchain address generation for the payment to the platform

Exchange within the client's area:

  • Fiat to crypto, crypto to fiat, crypto to crypto
  • According to exchange rate plus platform fee

Withdrawals

  • Fiat withdrawal, SEPA payment
  • Crypto withdrawal to the client's wallet: 1) manually by the operator from the platform's hot wallet; 2) integration with the exchange platform (Binance) - automatically generated orders of payment through the account on the binance

Acquiring on the merchant's website

Payment receiving in crypto

  • Convert fiat amount to crytpocurrency (at the current exchange rate plus platform's fee)
  • Address generation for receiving crypto from the buyer
  • The widget displays status of the purchase - pending, paid, partially paid
  • Funds are credited to the balance of the trader on the platform

Merchants' area

  • Generating and deleting API keys for connecting a widget on your site
  • Withdrawal and exchange - similar to the described above
  • Buyer payment history with statuses

Investment portfolios

Client's investment account opening.

Adding of client investment agreements and investment portfolios.

Displaying returns on portfolio.

Admin interface (platform administration)

Access restriction by IP addresses, two-factor authentication.

Merchant, buyer and customer management.

Liquidity accounting.

Platform turnover and revenue statistics.

Processing of withdrawal orders.

Confirmation of incoming payments, processing of cases of partial payment.

Commission management:

  • for exchange
  • for cryptocurrency purchase
  • for withdrawal
  • fixed and percentage
  • general per platform, for a certain currency or individual for merchant/customer

Security

The service does not have direct access to the cryptocurrency. All the funds are stored on the cold wallets, that only administrator has access to. Possible attack vectors that can lead to the loss of funds, and ways to counter them:

  • Attack on the administrator, social ingeneering, in order to gain access to cold wallets.
    Counteraction: following best practices in personal cryptocurrency wallets storage and management.
  • Attack on servers in order to spoof withdrawal order.
    Counteraction: vulnarability tracking in the installed software, update software to the latest version, using of white list of IP addresses for the access.
  • Attack on the ustomer in order to generate withdrawal order to the intruders' wallets.
    Counteraction: two-factor onfirmation of the withdrawal order, disclaimer in case the customer loses control over his device with Google Authenticator.
  • Substitution of the generated address of the BTC wallet, to which the transaction is made.
    Counteraction: similar to “Attack on servers in order to spoof withdrawal order”, deposits monitoring to the cold wallet, payment function disabling in suspitious situation.

Functions to be launched in the following release

  • To accept deposits in ETH, USDT (ERC20), USDC (ERC20) to the operator's wallet
  • Creation of orders for the sale/purchase of cryptocurrencies on the exchange platform while the client is doing exchange
  • API for integration with B2B clients (primarily for fiat payment platforms that add crypto transactions to their clients area).

Roadmap

  • Integration with the exchange platforms for the accepting deposits in crypto to the exchange account
  • To accept deposits in USDT (TRC20) to the operator's wallet
  • Update of client area UI
  • Cryptocurrency management through multisig "2 of 3" (the server generates the transactionand signs it with its own key, the operator checks and signs with its own one, after that the transaction is finished. The third key is a backup.)

Screenshots of the projects that are launched on our platform

The functionality may differ from the above mentioned and what is planned for development.

Client area, dashboard

dashboard

Crypto payments widget


widgets

List of received payments

invoices>

Client cabinet, withdrawal request

withdrawals

Merchant API Keys

api-keys