Build vs. Buy: The Wallet Security Choice That Can Define Your Exchange

The Cost of Getting Security Wrong

In the world of cryptocurrency, centralized exchanges are once again under siege. After years of targeting decentralized platforms, hackers have returned to centralized exchanges, drawn by their high liquidity and the rising value of Bitcoin as the cryptocurrency’s price approaches the $100,000 mark.

Just last week, XT.com fell victim to an attack that exploited vulnerabilities in its wallet infrastructure, resulting in an abnormal transfer of $1.7 million worth of assets. While the exchange reassured users that their funds were unaffected—citing its policy of reserving 1.5x user deposits to ensure security and zero losses—blockchain security firm Peckshield reported that the stolen assets had already been swapped for 461.58 ETH and were sitting in a wallet with the address 0xB43f…8F83. 

This incident underscores a troubling trend: even exchanges with user-centric approaches and reserve mechanisms remain vulnerable to sophisticated hacks. The breach highlights how attackers now employ advanced tactics, such as rapid laundering of stolen assets, making detection and recovery increasingly challenging.

Chainalysis’s 2024 Crypto Crime Mid-Year Update notes that while established cryptocurrency trading platforms have fortified their defenses in recent years, newer and smaller exchanges often lack the same robust infrastructure, making them particularly vulnerable. The report further states that hackers are exploiting vulnerabilities in wallet infrastructure and governance policies, particularly on newer, less-secure platforms.

Further recent examples highlight the scale of the problem:

• DMM Bitcoin (May 2024): Approximately 4,500 Bitcoins were stolen after hackers exploited vulnerabilities in wallet infrastructure; the Japanese exchange will shut down in March 2025 after transferring its assets to trading platform SBI VC Trade.

• WazirX (September 2024): $230 million was lost due to a malicious smart contract upgrade, exposing governance weaknesses and sparking a class action lawsuit.

The fallout from these breaches extends beyond financial loss. Reputational damage, customer attrition, and even legal battles—are stark reminders of what’s at stake.

For exchanges, the pressing question is clear: should they invest in building their own wallet infrastructure, or is partnering with a specialized Wallet-as-a-Service (WaaS) provider the smarter path forward?

The Growing Threat Landscape for Crypto Exchanges

Crypto exchange security is no longer about protecting assets against rudimentary attacks; today’s threat landscape is marked by sophistication and persistence. Hackers leverage advanced technologies and exploit systemic vulnerabilities to breach exchanges.

Here are the most common attack vectors facing exchanges today:

• Phishing and Social Engineering: Hackers craft highly targeted phishing campaigns to deceive employees into sharing credentials or bypassing security protocols.

• Malware Attacks: Advanced persistent threats (APTs) embed malware into exchange systems, enabling unauthorized access to private keys or continuous monitoring of sensitive activities.

• Exploitation of Smart Contract Vulnerabilities: Poorly audited smart contracts are prime targets for attackers, who exploit coding weaknesses to manipulate wallet functions or drain funds.

• Supply Chain Attacks: Infiltrating third-party providers, such as software vendors or custodial partners, allows attackers to compromise exchange operations indirectly.

For smaller exchanges with limited resources, the complexity of these threats poses a significant challenge. Without robust defenses, even well-established platforms are vulnerable.

Build vs. Buy: The True Costs of Building In-House

The Rising Challenges of Building In-House Wallet Infrastructure

Building an in-house wallet infrastructure may initially appear to offer greater control over security and functionality. However, the hidden costs and challenges associated with this approach are often underestimated, particularly in a market that’s rapidly expanding due to increased retail and institutional interest.

• High Upfront Development Costs

  • Developing wallet infrastructure requires significant capital investment in specialized hardware, software, and highly skilled developers.

Building support for a single blockchain can cost upwards of $50,000-$100,000 in development time, depending on the complexity of the chain. Adding support for multiple chains quickly multiplies costs.

• Strain on Technical Teams

  • Ongoing Maintenance: Each blockchain integration introduces new maintenance burdens, including updates for protocol changes, transaction monitoring, and troubleshooting.

  • Divergence of Focus: As technical teams focus on wallet maintenance and blockchain integrations, they have less bandwidth to innovate or improve core exchange functionalities like user experience, liquidity optimization, or institutional onboarding.

  • Talent Scarcity: The crypto industry faces a global shortage of blockchain developers. Hiring and retaining skilled professionals to manage in-house solutions is not only expensive but also highly competitive.

• Scalability Bottlenecks

  • Exponential Complexity: Each additional blockchain adds complexity, requiring adjustments to the underlying infrastructure, which can slow down operations and create scalability challenges.

  • Risk of Downtime: Inefficient in-house systems may lead to service interruptions during peak market activity, eroding user trust and costing millions in trading volume.

• Rising Compliance Demands

  • With increasing regulatory oversight, exchanges must implement robust KYC/AML frameworks and demonstrate adherence to security standards such as SOC 2 and ISO 27001.

These requirements add layers of complexity and demand specialized expertise, increasing operational costs further.

Strain Amplified in a Bull Market

In a bull market, the challenges of building in-house wallet infrastructure are magnified:

• Surging User Demand

  • With Bitcoin’s price hitting an all-time-high and the crypto market experiencing a flood of new users, exchanges face overwhelming demand for new assets and blockchain integrations.

  • Failure to scale quickly enough risks losing market share to competitors.

• Institutional Pressures

  • Institutions entering the market require support for high-value transactions, diverse asset coverage, and real-time monitoring—all of which strain existing systems.

• Operational Risks

  • A bull market drives higher transaction volumes and liquidity demands. Exchanges with in-house systems may struggle to process transactions efficiently, leading to delays, errors, and potential losses.

The WaaS Advantage: Solving the Scalability Puzzle

Streamlining Operations and Costs

Wallet-as-a-Service (WaaS) solutions like Cobo eliminate many of the operational and financial burdens associated with in-house systems:

• Rapid Integration: Pre-built integrations supporting more than 80 blockchains and 3,000 tokens enable exchanges to support new assets in days rather than weeks or months.

  • Example: With WaaS, adding support for a new chain is as simple as completing a few API integrations, freeing up technical teams to focus on growth-oriented initiatives.

• Cost Savings: WaaS operates on a scalable model, eliminating the need for large upfront investments while reducing ongoing maintenance costs.

  • Real-World Insight: Cobo’s WaaS has enabled cryptocurrency futures and options exchange Deribit to achieve significant cost savings by reducing the need for extensive infrastructure investments. As Deribit expanded its operations, Cobo provided the reliability and scalability required to support their growth.

Mitigating Talent and Scalability Challenges

• Specialized Expertise: WaaS providers maintain dedicated teams of blockchain and security experts, ensuring systems remain up-to-date and compliant with evolving standards.

• Seamless Scalability: WaaS platforms are designed to handle high transaction volumes and diverse assets without service interruptions, even during market peaks.

Enhanced Security and Compliance

• Holistic Security Architecture: Cobo’s WaaS integrates 4 major wallet technologies, Custodial, MPC (Multi-Party Computation), Smart Contract, and Exchange Wallets into a unified platform, allowing exchanges to customize their wallet infrastructure to align with unique operational requirements. 

In particular, Custodial Wallets and MPC Wallets provide exchanges with the ideal balance of secure asset storage and flexible, policy-driven access to funds, meeting both operational and security needs.

• Custodial Wallets: Ideal for exchanges managing large reserves, these wallets prioritize simplicity and security by storing 90-95% of funds offline in cold storage, minimizing exposure to online threats. The remaining funds are allocated to warm or hot wallets, enabling efficient trading operations and ensuring liquidity for day-to-day transactions.

• MPC Wallets: Leveraging advanced cryptographic techniques such as the Threshold Signature Scheme (TSS), MPC Wallets eliminate single points of failure by distributing private key shares across multiple secure environments.

  • Private keys are never reconstructed in full, significantly reducing the risk of key compromise.

  • This process enables exchanges to implement multi-signer thresholds via a Threshold Signature Scheme (TSS) to secure transactions while maintaining flexibility. Additionally, exchanges can easily establish governance and transaction policies, defining rules such as transaction limits and frequency, to enhance security.

• Regulatory Readiness: Cobo holds SOC 2 and ISO 27001 certifications, reflecting adherence to internationally recognized security and operational standards. By leveraging these certifications, exchanges can rely on Cobo’s infrastructure to meet global regulatory requirements, reducing the need for extensive internal compliance efforts.

This allows exchanges to allocate resources toward growth and operations while ensuring alignment with high industry standards.

Why WaaS is Critical in the Current Bull Market

The crypto bull market brings unprecedented opportunities—and risks. To stay competitive and meet soaring demand, exchanges must focus on agility, security, and scalability. WaaS solutions provide:

• Faster Time-to-Market: Deploy support for trending assets quickly, capturing the interest of retail investors flocking to the market.

• Reliability Under Pressure: Handle high transaction volumes without system failures, ensuring a seamless user experience.

• Institutional Appeal: Attract large-scale investors with a secure, compliant platform capable of supporting diverse trading needs.

For exchanges aiming to scale efficiently while navigating the complexities of a booming market, the choice between building and buying has never been clearer.

Build Resilience, Scale with Confidence

Building in-house wallet infrastructure may offer control but comes with high costs and operational risks, especially during periods of rapid market growth. In contrast, WaaS solutions like Cobo enable exchanges to scale securely, integrate new chains quickly, and meet the needs of an ever-expanding user base.

Ready to scale your exchange in the bull market? Explore how Cobo WaaS can enhance your security and efficiency. Request a demo today.