The Most Important Reason for Internal or External Hacking of Crypto Asset Exchanges:

Poor Cold Wallet Security and/or Wallet Mismanagement

DYOR! (Do Your Own Research!)

Below are the major crypto exchange hacks of the last 5 years. If you do not want to wake up one morning and find all your savings gone, do your own research when choosing the exchange you work with.

DYOR so that you do not become a victim of the crypto exchange!

  • 2013: Silk Road, 270.000.000 USD
  • 2014: Mt Gox, 700.000.000 USD
  • 2015: Bitstamp, 5.100.000 USD
  • 2016: Bitfinex, 72.000.000 USD
  • 2017: Nicehash, 60.000.000 USD
  • 2018: Coincheck, 535.000.000 USD
  • 2018: Bitgrail, 195.000.000 USD
  • 2018: Coinrail, 40.000.000 USD
  • 2018: Zaif, 60.000.000 USD

1. Multisig Cold Wallet Security

We are the first cryptocurrency exchange to use a cryptographically empowered cold wallet that is more secure than a Hardware Security Module (HSM).
In our cold wallet solution we use the most sophisticated cryptographic features, such as Zero-Knowledge Proofs and a Multi-Party Threshold Signature Scheme, to keep your crypto assets safe.
For multisignature wallets, the transfer of cryptocurrency requires multiple parties to agree (sign the transaction).
The Bitmatrix cold wallet solution is secured against hacking and cyber-attacks by means of computational and provable security.

2. Proof of Reserves Audit

An audit by an independent audit firm of whether a crypto asset exchange actually owns the crypto assets it holds on behalf of its customers, together with public disclosure of the results, is a measure of transparency and reliability. An exchange may not really own the crypto assets it claims to hold on behalf of its customers, because of internal or external fraud that is not known to the public or because of software bugs. It is possible to test this only if all of the customers withdraw all their crypto assets from the exchange at the same time; otherwise the actual situation cannot be known. For this reason, Bitmatrix will conduct annual audits to determine whether the amount of crypto assets in its wallets meets all of its liabilities to customers and will make the results public.
Proof of Liabilities
The total amount of crypto assets that we hold on behalf of our customers (total liability amount) is calculated using a Merkle Tree.
Proof of Reserves
The total amount of crypto assets (total reserve amount) in all wallets belonging to Bitmatrix is calculated. Total reserves must be greater than or equal to total liabilities.
Proof of Solvency
With the annual audit to be conducted by independent audit companies, the real situation is disclosed to the public.
General Framework of the Qualification to Meet Obligations Audit
Source: Making Bitcoin Exchanges Transparent (September 2015) by C. Decker, J. Guthrie, J. Seidel & R. Wattenhofer
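
One way the liabilities total can be computed with a Merkle tree so that each customer can check their own balance is counted, shown as an added example that is not Bitmatrix's code. It assumes a Merkle sum tree (each node carries the sum of the balances beneath it); the leaf format, function names and sample ledger are constructed for illustration.

```python
import hashlib

def leaf(customer_id, nonce, balance):
    # Leaf = (hash, balance); the nonce keeps the balance from being guessed from the hash.
    data = b"\x00" + f"{customer_id}|{nonce}|{balance}".encode()
    return (hashlib.sha256(data).digest(), balance)

def parent(left, right):
    # A parent commits to both child hashes AND both child sums, so a sum
    # cannot be changed without changing every hash up to the root.
    if left[1] < 0 or right[1] < 0:
        raise ValueError("negative balance would hide liabilities")
    data = b"\x01" + left[0] + right[0] + b"%d|%d" % (left[1], right[1])
    return (hashlib.sha256(data).digest(), left[1] + right[1])

EMPTY = leaf("", "", 0)  # zero-balance padding leaf for odd-sized levels

def build(leaves):
    # Returns all levels, bottom first; levels[-1][0] is the root (hash, total liabilities).
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur.append(EMPTY)
        levels.append([parent(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def prove(levels, index):
    # Inclusion proof for one customer: sibling node at each level plus its side.
    path = []
    for level in levels[:-1]:
        sibling = index ^ 1
        path.append((level[sibling], sibling < index))
        index //= 2
    return path

def verify(root, my_leaf, path):
    # Customer-side check: recompute the root from own leaf and the siblings.
    node = my_leaf
    try:
        for sibling, sibling_is_left in path:
            node = parent(sibling, node) if sibling_is_left else parent(node, sibling)
    except ValueError:
        return False
    return node == root

def reserves_cover_liabilities(root, total_reserves):
    # The page's condition: total reserves >= total liabilities.
    return total_reserves >= root[1]

# Constructed sample ledger (balances in smallest units).
LEDGER = [leaf("alice", "n1", 120), leaf("bob", "n2", 75), leaf("carol", "n3", 305)]
```

If the exchange publishes a root built from an understated balance, that customer's own leaf no longer verifies against it, which is what makes the published total checkable by customers.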

3. Institutional Level Information Systems Management

Structure compatible with the ISO 27001 Information Security Management System Standard
  • Necessary risk management policies and processes regarding the measurement, monitoring and control of risks arising from information systems and operations are complied with. 
  • The continuity of special and general controls for information systems is ensured.
  • Responsibilities of employees and senior management have been determined in accordance with information security policies and processes.
  • A penetration test has been conducted for the security of the system. The penetration test will be repeated periodically.
  • An identification and valuation process has been established in accordance with local and international regulations. Users' personal information and data are kept encrypted.
  • Audit logs are recorded and secured for the operations of both the users and the employees. Unauthorized access attempts to the system or database are proactively blocked.
  • Duties and responsibilities in the areas of application development, testing and operation have been separated.
  • An emergency and contingency plan has been prepared.
  • Except in case of force majeure, service to users is not stopped without prior notice via the Site or by email.
  • Each year, an information systems audit will be carried out by an independent auditor.

4. Additional Security Layers for the Customers

Use FIDO U2F
You can use FIDO U2F, which provides the most reliable two-stage verification. Both secure and easy!
You can also use your Ledger wallets as FIDO U2F devices.
Confirm Your Device
If a device that we do not recognize, other than the devices defined in the system, tries to log in to Bitmatrix, you will be asked to confirm it with an SMS.
Lock Your Wallet
If you do not intend to transfer your cryptocurrencies to a different address even for a short period of time, you can lock it completely and prevent fraudsters from stealing your crypto assets. Only you can unlock the wallet when you want to transfer cryptocurrencies. 
Freeze Your Assets Instantly
A notification is sent to your registered email address each time you log in to Bitmatrix. If an unauthorized login to your account occurs, you can freeze your wallet completely by clicking the "Freeze My Account" button in that email and prevent fraudsters from stealing your assets.
Set Session Timeout by Yourself
You can set the session timeout yourself according to how long you use the site, and you are logged out automatically when the defined time is over. This eliminates the risk of your device being controlled.
Select Security Picture
Every time you log in to Bitmatrix, check that the Security Picture you selected is actually there to ensure that you have not been directed to a fake web page by way of phishing.
Set Anti-Phishing Code
Create an additional layer of security against fraudulent emails by defining an anti-phishing code that will appear in every email sent to you by Bitmatrix.