Crypto.com Leverages AWS for High Security and Scalability

2020

Powerful Alternative to Traditional Finance

Crypto.com was founded in 2016 as a powerful alternative to traditional financial services. With products including a wallet, an app, a debit card, an exchange, and lending instruments, Crypto.com is a one-stop shop accelerating the global adoption of cryptocurrencies.

Based in Hong Kong, the company serves over 5 million customers around the world and prides itself on its commitment to security and compliance. Crypto.com is the first cryptocurrency provider to become ISO 27001– and ISO 27701–certified. It is also compliant with Payment Card Industry Data Security Standard (PCI DSS) Level 1, which is the highest level of compliance.

The startup launched its first product in 2018 on the Amazon Web Services (AWS) Cloud, which its founders chose for the AWS security posture and privacy controls. “AWS has a strong commitment to security even at the component level, with good encryption features for data at rest and in transit,” says Matthew Chan, CIO at Crypto.com.

Establishing a Security Culture

Crypto.com firmly believes that people, processes, and technology are equally important in establishing and maintaining a culture of security. Many of the startup’s employees have undergone cybersecurity and privacy training and have various AWS certifications. Tools such as AWS Identity and Access Management (IAM) give Crypto.com fine-grained access control to define roles and permissions for each employee.

The startup has had a DevSecOps practice since day one to ensure security is baked into every element of software design. Its development process relies on infrastructure as code, with deployments and changes thoroughly documented. Code and infrastructure are regularly assessed using AWS Trusted Advisor, which detects potential security gaps and suggests recommendations for improvement.

Evolving Regulations Across the Globe

Crypto.com leverages the AWS global footprint to stay on top of evolving data residency regulations. It uses AWS Transit Gateway to ensure privacy when connecting its virtual private clouds in different AWS Regions. All network traffic is automatically encrypted, which helps protect against distributed denial of service (DDoS) attacks and other common exploits.

The startup performs regular business continuity drills for disaster recovery (DR). “We can pivot quickly on AWS, migrating and backing up data between AWS Regions,” says Chan. “Our DR drills are painless, as automated snapshots ensure we can restore our databases to the exact point in time prior to a disaster, while keeping data integrity intact.”

Security and data privacy are critical to achieving Crypto.com’s goal of mainstream cryptocurrency adoption. As cryptocurrency markets’ regulations continue to evolve, Crypto.com's customers appreciate the leading role Crypto.com has taken in regard to verifiable security controls.

Performance Insights Ensure Stability

Customers expect 24/7 access and full functionality for Crypto.com’s services, especially during periods of high volatility in global financial markets. During these periods, traffic can spike up to eight times the typical peak load for applications such as the wallet and exchange.

“Because we’re in the financial services industry, we can’t experience any downtime, but at the same time we need to be agile and fast with content delivery,” Chan explains. The startup has real-time access to performance insights on the AWS Management Console to detect and troubleshoot issues when it experiences slow-running queries.

Crypto.com is constantly enhancing its products, with one-week release cycles as its norm. Many of its releases introduce new integration capabilities with payment systems such as IBAN in Europe and Automated Clearing House (ACH) in the US, so customers can easily move money from standard bank accounts into their cryptocurrency wallets.

Rolling Deployments Simplify Scaling

Crypto.com uses Docker containers to standardize deployment. It has recently completed its continuous integration/continuous development (CI/CD) pipeline on AWS to automate build and test functions whenever new code is introduced. Engineers use Amazon Elastic Container Service (Amazon ECS) and Amazon Elastic Kubernetes Service (Amazon EKS) as fully managed container orchestration services.

“Amazon ECS and Amazon EKS are probably the most important services for our business in terms of the technological triumph we’ve achieved with AWS,” Chan says. “We can do rolling deployments with zero downtime and handle load balancing with the click of a button. Plus, both of these services have self-healing capabilities. This simplifies the scaling process and makes life a lot easier for us.”

Managed Services Save Time for New Projects

Managed services such as Amazon ECS and Amazon EKS are among the features that initially attracted Crypto.com to AWS and have kept the company loyal ever since. In 2020, the business decided to upgrade to AWS Enterprise Support. It uses the service both as an emergency lifeline for system issues and for guidance on best practices and optimal cloud configuration when planning new projects.

Several projects are on the horizon, including the expansion of cryptocurrency derivatives and lending services to enrich the Crypto.com exchange. “By leveraging the latest technologies offered by AWS including more managed services, we gain time-savings, which allows us to focus on new offerings,” Chan says.


About Crypto.com

Crypto.com is on a mission to accelerate the world’s transition to cryptocurrency. Based in Hong Kong, the platform offers an app, a wallet, an exchange, a debit card, and other financial tools to over 5 million customers globally.

Benefits of AWS

  • Achieves compliance certifications such as ISO 27001 and PCI DSS Level 1
  • Protects data at rest and in transit with encryption at the component level
  • Migrates and backs up data across global regions to facilitate disaster recovery
  • Scales to over 5 million users in 2 years
  • Performs rolling deployments with virtually no downtime
  • Saves time with managed services for cloud orchestration

AWS Services Used

Amazon Elastic Container Service

Amazon Elastic Container Service (Amazon ECS) is a fully managed container orchestration service. Customers such as Duolingo, Samsung, GE, and Cookpad use ECS to run their most sensitive and mission critical applications because of its security, reliability, and scalability.

Amazon Elastic Kubernetes Service

Amazon Elastic Kubernetes Service (Amazon EKS) is a fully managed Kubernetes service. EKS runs upstream Kubernetes and is certified Kubernetes conformant so you can leverage all benefits of open source tooling from the community. You can also easily migrate any standard Kubernetes application to EKS without needing to refactor your code.

AWS Transit Gateway

AWS Transit Gateway connects VPCs and on-premises networks through a central hub. This simplifies your network and puts an end to complex peering relationships. It acts as a cloud router – each new connection is only made once.

AWS Trusted Advisor

AWS Trusted Advisor is an online tool that provides you real-time guidance to help you provision your resources following AWS best practices. Trusted Advisor checks help optimize your AWS infrastructure, increase security and performance, reduce your overall costs, and monitor service limits. Whether establishing new workflows, developing applications, or as part of ongoing improvement, take advantage of the recommendations provided by Trusted Advisor on a regular basis to help keep your solutions provisioned optimally.
