TxBits

An open source Bitcoin and crypto currency exchange

This project is no longer in active development.

Check out the screenshots below, our security writeup and our deployment scripts.

Our Goal

TxBits aims to be the first commercial-grade open source Bitcoin and crypto currency exchange. We hope to be able to leverage the power of open source to build the exchange with the lowest fees, highest security and greatest transparency. In case the .com/.org domains are confusing: We are following the WordPress model where .org is about the open source project and .com is one instance of it.

Screenshots









Release Notes

The most recent stable release is TxBits v0.2.0. Short list of new features compared to our initial preview release:

  • Rewritten trading engine
  • Multicolumn partial indexes on the database
  • Removal of all database triggers
  • Locked down database permissions for the frontend
  • 2FA recovery codes
  • 2FA verification is now on the database (frontend cannot authorize actions without a token)
  • PGP encryption of emails
  • API keys for automated trading
  • Option to have asymmetric trading fees
  • Pagination of account history using continuous scroll
  • Many other bug fixes and improvements

Technical Design

Our stack is: Scala, Play, PostgreSQL, Bitcoin Core and Litecoin Core. The software can support other Bitcoin-based cryptocurrencies such as Peercoin and Primecoin. We are currently using nginx as our frontend webserver.

Security

We have taken a defense in depth approach to software design with security in mind. This means that it is possible to lock everything down to a very high degree so that if an attacker is able to get through one layer of defense, there will still be more before they can reach any funds.

There are four main components: the frontend, the database, the wallet actor and the individual wallets (bitcoind, litecoind). The frontend does not have direct access to the wallets. Only the wallet actor does. The wallet actor periodically looks at the database and processes deposits and withdrawals. In the event of an attacker compromising the frontend, we (or whoever is hosting the exchange) will have the opportunity of detecting them and preventing them from stealing any coins. The frontend has very few permissions on the database, only the ability to run predefined "safe" functions, which further limits what an attacker can do.

Our release includes automatic wallet backups and transfers to cold storage as well as a strong password policy, two factor authentication, and email confirmations with PGP encryption.

About Us

Viktor Stanchev

Core Developer

Turn on javascript to show.

http://viktor.land

Kirk Zathey

Core Developer

Turn on javascript to show.

Contact Us

github, reddit, twitter, Turn on javascript to show email.

Use this PGP key to email us privately:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2

mQENBFRImFcBCADZ/BPVBNbgaBn3xACTbZExBmh6Co50WnHeDYx6/ydcBW35C09g
nVDdGNDP0mwpnHgvO9dlRFn/LS8YyUrF4Wl8tBOroyxdSbmWa9JUW/JOB305Oca1
jXjKwGGA7CH6TGZW3k/Gp9JqMtInwzqyFWKOOTJDOdhJRCmn18NKwBx7qKnOgJhV
fi9WC1+cSEcrw4bdEMTbVpFqY6IwJ8e/VDPj4BHqBrX868d1vjYrsgqBjmVoVkov
ezZBTVj2hX70IPByA3sUhLfD9TBQoJFtw1cyymsXyod9Klk8/X4xszSBTEr0hQJh
rlurUX9hWq6w9TptvvgrFKpTl87DoGrvLCbPABEBAAG0GlR4Qml0cyA8dHhiaXRz
QHR4Yml0cy5jb20+iQE/BBMBAgApBQJUSJhXAhsDBQkB4TOABwsJCAcDAgEGFQgC
CQoLBBYCAwECHgECF4AACgkQ58q7kss1ivb7XQf/Zgr7JXOsyniZDdLQ4ncyx+Y+
oNAC4ylPCRHegj7t+NLBQ36pYk3f7zAYrocOPkVLsL/6MEWI9r25pCAHINlKXbWf
DaFoIaK59Fot0HyXSCqJ//Ji7j4smoJ2U1+rQhvbziTC+n5B1aJBcGGaFuBnL0/V
cjrunQT6J6gIJ9uivthyJ2dB7j5SGfKX5hli8ZrbqaHbNOfmCVlQahH5kTns04iV
jp5erK5LdRIXP8mx2MsN+Ah4TUfYzyw5fkiwjcb95WEmRJScS1ooN0MtDguY0hFT
hJfKI3Qy45swNWuodvOnvlmLtzGbZMa2nhR6uU9sUJpQLnw623Ls4KgZA0pVWbkB
DQRUSJhXAQgAqLDKrlDomBLhFFX/elvsNGVMGK/0sE7KPlmHgJ1m1q4lEb5tdIRc
PbwsFbo6viS+L48wKIL/hPQ50BuuMTO89aOBgUp0F3f9w0jYCLRU+jb0RYpH1JDW
aAwmyt3A8ud1PC+o3RhMfSQPOy9KAPY1As0KPkMc3E8iN+fnrXAc4FSOaQ6pZEQb
DX/n7dp1pupHE787C144OP4fTSXxEqhAIiYnFzPCgxezofxgUhHOHhgpkQdehXlT
XMo46r9JBBlI6m1OeR0aK/HBv3MthH/lgqq2aZOaHw1fm1c5uNyloORITzlzkVeQ
Y141L6W8du3f9xAEgqYiWTQ3wlPMNajv/QARAQABiQElBBgBAgAPBQJUSJhXAhsM
BQkB4TOAAAoJEOfKu5LLNYr28PkH/A6EhxPS1mwI+5AD1MaX1xL9JhBaHSBzS0Jc
7UKHrzBBI1oZiKqE6l7vX9DdAUNen8Ke71SJwJTKNdJqugMLqlgv2gZ6N5jXIMTD
JHFlcTl87GfzfJQoOVRje21AhWDGDybMYa1rEpxCvu42R26yEqmIzzizPPU0jmkI
WXAdlluGpXOTaVA5wTf1dhZ9lwXLcYHhTDMAVMdP5bWgOxkzWsWPeG3tMqe1wAEQ
DSYkmWIz7t5GMaAk9soZDOnY6bbuvZLx2i/Vjg5R0HEKammUOuOi7QtGb6pk1jTe
6dbx2kFXkqZtHQJ4qG9IQzHtHXhwo5HyOQiqSFyaj307atnqR18=
=fTrx
-----END PGP PUBLIC KEY BLOCK-----

Open Source License

TxBits uses the AGPLv3 license, which means among other things that anyone who modifies the TxBits software has to provide any users of their service with a copy of the source code.

TxBits
Turn on javascript to show email.

Copyright © 2014-2015
All rights reserved