Our Processes
Maintenance of Trading Wallets
Quoine maintains all trading wallets off-line on cold storage at all times. This effectively eliminates any possibility of bitcoin being stolen by hackers at any given point in time. Even if a hacker does manage to get through our security firewalls, all bitcoin funds are 100% safe.
Additionally, for purposes of transparency (amongst others) each one of our customer gets their own bitcoin address where their bitcoin balance is stored. Users are free to check their balances using the given addresses using third-party tools such as blockchain.info. Here is how it works:

  • After a user registers and it is approved for transacting on Quoine, he/she will be assigned a bitcoin address. The bitcoin address is visible to the user that owns the account.
  • User then uses that address to send their bitcoin funds to.
  • Once funds are confirmed by the bitcoin network, user can transact on the exchange with the funds in that address.
The trade-off with the 100% cold storage approach is that withdrawing bitcoin from your account may take longer than usual, as we need to (1) perform balance and checks before any withdrawals are allowed and (2) Sign all transactions off-line. Signing transactions off-line requires some manual work. We believe this is a good compromise, as it ensures our customers will not lose their funds if a hacker were to break into our servers.
Maintenance of Trading Wallets
Know-Your-Customer (KYC) Process
Know-Your-Customer (KYC) Process
Our KYC processes are in place in order for us to ensure we only deal with legitimate individuals and with legitimate funds. KYC allows to stay within the law by weeding out individuals that might intend to use our platform for illicit purposes such as money laundering. Registration on our platform does not allow users to immediately transact on it. New users are vetted under KYC rules we have put in place. This means that you as a new user will be required to:
1. Provide accurate and recent residential information, as well as proof of it in the form of utility bills or bank statements.
2. Provide accurate name and ID information, as well as copy of national ID or passport.

We will then review your documents and notify you of approval or request additional information if we deem it necessary.
Anti-Money Laundering (AML) Process
In order to ensure our platform is only used for legitimate activities and in line with local laws & regulations, and with our own internal policies, we have put in place an AML process that allows us to monitor activities of members on an on-going basis. We have automated processes that review transactions on an on-going basis and look for transactions "patterns" that may indicate money laundering. Accounts that are found to have suspicious patterns are flagged and reported to internal management. If deemed suspicious, an account may be frozen and/or reported to local authorities for further investigation.
During funding, depending on the amounts being funded, members may be asked to provide details about the source of funds. Additionally, for further protection, withdrawals are only allowed to bank accounts where the account owner is the same as the member.
Anti-Money Laundering (AML) Process
Checks and Balances For Books & Records
Checks and Balances For Books & Records
In order to ensure our accounts are in good "health" and as part of our on-going operational risk management for our books and records, we perform highly automated reconciliation checks across all of our accounts on a frequent basis, at least once a day before we process daily transactions. Our checks allow us to ensure we identify potential issues such as account breaks (resulting from manipulation of balances for instance) as early as possible and to take the necessary actions to correct any issues that might arise. At the very least, we run reconciliation checks before any withdrawals (of BTC or fiat) are processed. Having these checks make it virtually impossible for anyone with malicious intentions to manipulate our books.
Reports are generated based on automated checks and exceptions are reported to management, investigated and fixed.
Transactions Processing
In line with our Checks and Balances processes, we do not settle all transactions amongst our members immediately. Members of our platform, however, are still able to transact with each other (buy or sell bitcoin) and our platform ensures prices are honored and funds are moved accordingly amongst our members accounts. Transactions resulting from buy/sell/withdrawal requests are settled at least once a day after checks and balances are performed and cleared. This process is in place in order to protect our customers against potential manipulation of the system or mistakes. For the purpose of this process, transactions include all buy/sell, and withdrawals. BTC funding is processed right away using the Bitcoin network so settlement/confirmation is tied to the speed of the network. Fiat funding is processed in line with local banks time schedules and throughout the day.
Note that changes to balances on actual members BTC addresses are not reflected until settlement takes place. However our system does keep real-time track of BTC account balances. This allows users to continue trading throughout the day without interruption. As a result, if you are using a third-party tool such as blockchain.info to monitor your BTC balance, your balance will not accurately reflect until after we have performed our settlement process.
Transactions Processing
Access to Our Systems
Access to Our Systems
As mentioned in other sections, we require all of our members to use two-factor authentication in order to login to our system. This may cause a slight inconvenience but we believe the trade-off's when it comes to keeping intruders from accessing your account are worth the extra time and effort. Two-factor authentication requires our members to login using two things: something they "know" and something they "have". We have chosen to use Authy (authy.com) to implement two-factor. Authy is an app downloadable on iOS, Android and other mobile devices. Alternatively, users can get the app to send them the auth code via SMS to their phones.

Quoine also enforces the use of strong passwords. When users first set up their account, they will receive real-time instructions from the app as to what is required in their passwords such as password length, required special characters, upper case letters, etc.. Additionally Quoine will use internal algorithms and report in real-time on the strength of the password used.
Our Development Processes
We have developed Quoine with the highest development standards in mind, including the following:
1. Separate environments for development, test, staging and production.
2. A clear process that allows us to test, vet and 'promote' new code through various stages all the way to production.
3. Fully automated unit tests for every single piece of code as well as fully automated feature tests using platforms and tools such as Cucumber such as CircleCi. These processes ensure that (1) all new code is fully tested (in an automated manner) before getting to production and (2) we run regression tests to ensure previous code does not break. We have literally hundreds of unit tests and feature tests that test everything from UI behavior to matching engine code.
4. Fully automated deployment process.
5. Limited access to production environment.
6. All code is properly maintained using proper source control tools: Git, with a strong process in place that allows multiple developers to work on the same source code concurrently.
Our Development Processes