CEX matching engine + cold/hot wallet internal architecture
This entry sits under exchanges index. Read it against Domestic VASP Cold Storage 95% + Segregated Management Regime for peer / contrast context and FSA crypto-asset exchange registration system — number system / Local Finance Bureau jurisdiction / registration requirements for the broader system / regulatory boundary.
1. Matching engine overview
The core of a CEX is the matching engine (order-book matching engine). Design philosophies broadly fall into 3 categories:
- CLOB (Central Limit Order Book) — industry standard. Matches buy and sell orders by price and time. Carried over from NYSE / NASDAQ to CEXs
- RFQ (Request for Quote) — centered on institutional OTC. Request a bid/ask quote → individual fill
- AMM-like — DEX family. AMMs are an alternative design to CEX matching (see amm-design-evolution)
CEXs (Binance / Coinbase / bitFlyer / all domestic firms) are CLOB-based. Large institutional trades are handled separately by an OTC desk via RFQ.
2. CLOB matching-engine design elements
| Element | Content |
|---|---|
| FIFO (First-In First-Out) | Same price fills by time priority |
| price-time priority | 2-stage matching of price priority + time priority |
| iceberg orders | Display large orders in splits to suppress market impact |
| post-only / IOC / FOK | Order types (maker only / Immediate-or-Cancel / Fill-or-Kill) |
| co-location | Low-latency connectivity for institutional HFT (NYSE / Binance VIP) |
Representative implementations: NYSE / Binance / Coinbase / dYdX v4 (Cosmos appchain). dYdX v4 implements a CLOB on top of on-chain validators, attempting to fuse CEX performance with DEX transparency.
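The design elements in the table above, as a minimal in-memory sketch. This is an added example, not code from any exchange named on this page; the `Order` and `Book` classes, the integer-tick prices and the `GTC`/`POST` labels are assumptions made for illustration.

```python
from collections import deque
from dataclasses import dataclass
from itertools import count

@dataclass
class Order:
    side: str          # "buy" or "sell"
    price: int         # integer ticks, avoids float rounding
    qty: int
    tif: str = "GTC"   # GTC, IOC, FOK or POST (post-only)
    oid: int = 0       # assigned on arrival; lower oid = earlier in time

class Book:
    def __init__(self):
        self.levels = {"buy": {}, "sell": {}}  # price -> FIFO deque of resting orders
        self.seq = count(1)

    def _crossing(self, o):
        """Opposite-side price levels this order can trade against, best first."""
        opp = "sell" if o.side == "buy" else "buy"
        prices = sorted(self.levels[opp], reverse=(opp == "buy"))
        return opp, [p for p in prices
                     if (p <= o.price if o.side == "buy" else p >= o.price)]

    def submit(self, o):
        """Match an incoming order; returns fills as (maker_oid, price, qty)."""
        o.oid = next(self.seq)
        opp, prices = self._crossing(o)
        available = sum(r.qty for p in prices for r in self.levels[opp][p])
        if o.tif == "POST" and prices:
            return []                      # post-only would take liquidity: reject
        if o.tif == "FOK" and available < o.qty:
            return []                      # fill-or-kill: all or nothing
        fills = []
        for p in prices:                   # price priority
            queue = self.levels[opp][p]
            while queue and o.qty:         # time priority (FIFO) within a level
                maker = queue[0]
                traded = min(maker.qty, o.qty)
                maker.qty -= traded
                o.qty -= traded
                fills.append((maker.oid, p, traded))
                if maker.qty == 0:
                    queue.popleft()
            if not queue:
                del self.levels[opp][p]    # drop emptied price level
        if o.qty and o.tif in ("GTC", "POST"):
            self.levels[o.side].setdefault(o.price, deque()).append(o)  # rest remainder
        return fills
```

An IOC order falls through the final `if`, so its unfilled remainder is discarded rather than rested.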
3. RFQ / OTC engine
Institutional OTC (Cumberland / B2C2 / FalconX / Genesis (bankrupt)) adopts an RFQ scheme rather than a CLOB:
- A client requests a quote, e.g. “I want to buy 100 BTC”
- The market maker presents a bid/ask
- Individual fill (does not appear in the order book)
- Controls slippage + conceals price on large trades
Domestic OTC: bitFlyer / Coincheck provide similar functionality to retail customers under the “sales-counter (販売所)” label (see jp-cex-sales-vs-exchange-model-economics).
4. Cold/hot wallet internal architecture
The 3-tier structure based on domestic VASP obligations (jp-vasp-cold-storage-segregation-rules):
- Hot wallet (≤ 5% domestic obligation) — directly connected to the matching engine · real-time deposit/withdrawal processing · maker/taker bot integration · signing via API
- Warm wallet — semi-offline · staging for large withdrawals · replenished from cold multiple times per day
- Cold wallet (≥ 95% domestic obligation) — air-gapped signing · multi-sig (at least 2-of-3) · HSM or MPC mandatory
The Coincheck 2018 NEM ¥58 billion incident was the result of “effectively hot 100%” (coincheck-nem-hack-detailed-analysis). The regulatory tightening after that incident made 3-tier separation a domestic obligation.
5. Major technology stack
The 5 technologies of institutional custody (global-institutional-custody-five-pillars / jp-institutional-custody-three-pillars):
| Technology | Representative vendor | Role |
|---|---|---|
| multi-sig | Gnosis Safe (now Safe) | Standard 2-of-3 signing threshold · smart-contract based |
| HSM | Thales / Utimaco / Ledger Vault | Hardware cryptographic module · FIPS 140-2/3 certified |
| MPC | Fireblocks / Fordefi / Sepior | Key distribution · eliminates single point of failure |
| air-gap signing | Casa / Anchorage | Fully offline signing · no network connection |
| Shamir’s Secret Sharing | many | Threshold distribution of the private key (k-of-n) |
CEX implementation examples:
- Coinbase Custody — mix of multi-sig + HSM
- Anchorage Digital — MPC-centric (US OCC national bank charter)
- Komainu — cold + air-gap (Nomura JV)
- Fireblocks — MPC SaaS · adopted by domestic GMO Coin and others
The 2025 Bybit Lazarus hack (bybit-lazarus-hack-detailed-analysis) was a social-engineering attack that deceived multi-sig signers via Safe UI spoofing. The technology itself functioned, but a vulnerability in the UI layer was exposed, reaffirming the importance of air-gap + hardware confirmation. For detailed forensic methods, read bytecode forensic 3-tier verify and forensic identity anchor chain together. For a structural analysis of supply-chain attacks, see module path confusion supply chain attack.
Source: general industry knowledge + Binance / Coinbase tech blog + Gnosis Safe docs + Fireblocks whitepaper + Anchorage announcements.