[PERDITION//SEC]
// Application & Cloud Pentest

Crypto Exchange

Crypto / Digital Assets
// brief

Pre-launch security review of a centralized exchange's hot-wallet service, withdrawal pipeline, and supporting AWS infrastructure.

// outcome

Identified two critical issues that could have allowed unauthorized withdrawal approvals and one IAM escalation path into the signing service. All remediated and retested before public launch.

The client was preparing to open spot trading to retail customers and needed an independent third-party assessment of the entire withdrawal path — from the customer-facing API down through the approval workflow and into the HSM-fronted signing service.

Over four weeks we tested the public REST and WebSocket APIs, the internal admin tooling used by treasury operators, and the AWS account hosting the hot-wallet microservices. We treated the engagement as one attack surface rather than three.

The most serious finding was a race condition in the multi-approver flow that, combined with a tightly-scoped IAM misconfiguration, allowed a compromised operator account to push a withdrawal past the second-approver check. We demonstrated end-to-end exploitation in a staging environment and worked with the engineering team on a redesign that moved approval state into a tamper-evident store.
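The approval race described above, as an added illustration that is not the client's code or PERDITION//SEC's own material: a check-then-act approval flow in which the decision ("has this operator already approved, and is the quorum still open?") is taken on a snapshot and applied later, so two requests from one compromised operator account can both pass the check and together satisfy a two-approver quorum; beside it, a hardened flow that takes the check and the state transition in one locked step, counts distinct approvers rather than approval events, and appends every transition to a hash-chained log so that any later edit to approval state is detectable. The quorum of two, the withdrawal ids, the operator names and the amounts are constructed for the example; the IAM side of the finding is not modelled.

```python
"""Withdrawal approval state: a racy check-then-act flow beside a hardened one.

Constructed example. Assumes a two-approver quorum; ids, operators and
amounts are made up for illustration.
"""
import hashlib
import json
import threading
from dataclasses import dataclass, field

REQUIRED_APPROVALS = 2  # assumed quorum for the example


class ApprovalError(Exception):
    """Raised by the hardened flow when a transition is not allowed."""


@dataclass
class Withdrawal:
    wid: str
    amount: int
    approvals: list = field(default_factory=list)
    released: bool = False


class NaiveApprovalFlow:
    """Check and act are separate, unlocked steps. They are exposed as two
    methods so the interleaving two concurrent requests would produce can be
    reproduced deterministically: both checks run, then both acts."""

    def __init__(self):
        self.pending = {}

    def submit(self, wid, amount):
        self.pending[wid] = Withdrawal(wid, amount)

    def check(self, wid, operator):
        w = self.pending[wid]
        # Decision taken on a snapshot of state...
        return operator not in w.approvals and len(w.approvals) < REQUIRED_APPROVALS

    def act(self, wid, operator):
        w = self.pending[wid]
        # ...and applied later, when the snapshot may already be stale.
        # Counting approval events (not distinct approvers) is the second flaw.
        w.approvals.append(operator)
        if len(w.approvals) >= REQUIRED_APPROVALS:
            w.released = True
        return w.released


class HardenedApprovalFlow:
    """Check and transition happen under one lock; quorum counts distinct
    approvers; every transition is appended to a hash-chained log."""

    GENESIS = "0" * 64

    def __init__(self):
        self._lock = threading.Lock()
        self._pending = {}
        self._log = []  # records of {"prev", "body", "hash"}

    def _append(self, record):
        prev = self._log[-1]["hash"] if self._log else self.GENESIS
        body = json.dumps(record, sort_keys=True)
        digest = hashlib.sha256((prev + body).encode()).hexdigest()
        self._log.append({"prev": prev, "body": body, "hash": digest})

    def submit(self, wid, amount):
        with self._lock:
            self._pending[wid] = Withdrawal(wid, amount)
            self._append({"event": "submit", "wid": wid, "amount": amount})

    def approve(self, wid, operator):
        with self._lock:  # check and act are one atomic step
            w = self._pending[wid]
            if w.released:
                raise ApprovalError("withdrawal already released")
            if operator in w.approvals:
                raise ApprovalError("operator has already approved")
            w.approvals.append(operator)
            self._append({"event": "approve", "wid": wid, "operator": operator})
            if len(set(w.approvals)) >= REQUIRED_APPROVALS:
                w.released = True
                self._append({"event": "release", "wid": wid})
            return w.released

    def verify_log(self):
        """Recompute the chain; any edited or reordered record breaks it."""
        prev = self.GENESIS
        for rec in self._log:
            if rec["prev"] != prev:
                return False
            if hashlib.sha256((prev + rec["body"]).encode()).hexdigest() != rec["hash"]:
                return False
            prev = rec["hash"]
        return True


def demo():
    """Run both flows against one compromised operator sending two requests."""
    naive = NaiveApprovalFlow()
    naive.submit("w1", 5_000)
    checks = (naive.check("w1", "mallory"), naive.check("w1", "mallory"))
    naive.act("w1", "mallory")
    naive_released = naive.act("w1", "mallory")

    hardened = HardenedApprovalFlow()
    hardened.submit("w1", 5_000)
    hardened.approve("w1", "mallory")
    try:
        hardened.approve("w1", "mallory")
        duplicate_rejected = False
    except ApprovalError:
        duplicate_rejected = True
    hardened_released = hardened.approve("w1", "alice")
    return {
        "naive_checks": checks,
        "naive_released_by_one_operator": naive_released,
        "hardened_duplicate_rejected": duplicate_rejected,
        "hardened_released_after_second_approver": hardened_released,
        "log_intact": hardened.verify_log(),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The two flows hold the same data; what differs is where the decision is made. In the naive flow the "already approved" test and the append are separated by a window, and the quorum is a count of events, so a single account repeating its request fills both seats. In the hardened flow the lock collapses check and transition into one step, the quorum is computed over distinct approvers, and the chained log gives operators and auditors a way to confirm after the fact that no approval record was inserted, altered or removed.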

Findings were ranked by real exploitability and dollar-impact rather than CVSS alone. The retest confirmed all critical and high-severity issues were closed before launch.