2026 04 21 15 27 58

2026 04 21 15 27 58

Discussion on Admin Access and Roadmap

Current Status of the Admin Interface

  • The team is discussing the current state of the admin interface, which has not yet been released. They plan to meet with Max for updates.
  • A draft version of the admin interface is scheduled for release on the 23rd, prompting a need for a clear roadmap.

Roadmap Development

  • There are discussions about establishing a timeline for when access can be granted to other users, emphasizing collaboration among team members.
  • The deadline for MVP (Minimum Viable Product) completion is set for the 24th, with further evaluations planned after that date.

Access Control Concerns

  • The conversation shifts to controlling access within production environments and identifying who currently has access.
  • There’s an emphasis on understanding how VPN access is distributed and ensuring it aligns with security protocols.

Access Management Strategies

Current Access Protocols

  • Discussion around existing processes for issuing VPN access through NetBird and EB (Employee Benefits).
  • A need arises to maintain a list of employees who have been issued accounts and VPN access to ensure accountability.

Security Measures

  • It’s suggested that there should be two distinct lists: one for operators with limited access and another for developers with sensitive permissions.
  • The importance of having a comprehensive overview of who has what level of access in order to enhance security measures is highlighted.

Future Steps in Access Control

Timeline for Implementation

  • A proposal is made to compile all necessary lists by the end of next week, aiming for clarity in roles and responsibilities regarding access control.
  • If challenges arise during this process, team members are encouraged to communicate promptly so adjustments can be made.

Addressing Transaction Confirmation Issues

Need for Enhanced Confirmation Processes

  • The discussion transitions into transaction confirmation practices, particularly concerning high-value transactions.
  • There's recognition that current methods allow operators to confirm transactions without differentiation between small and large amounts, which raises concerns about security.

Proposed Solutions

  • Suggestions include implementing an additional confirmation step specifically for larger transactions as part of improving business processes.

Operations Discussion and Confirmation Process

Overview of Operations

  • The speaker expresses a lack of familiarity with "Jobri Echi" and requests detailed information about the operations being discussed.
  • There is a mention of treasury processes where L2 transactions require confirmation, but it is noted that these confirmations are not being properly checked by the treasury team.

Issues with Transaction Confirmations

  • A client wants to withdraw funds, but the system does not automatically process this until manual confirmation is made.
  • Concerns arise regarding the lack of verification on transaction confirmations sent for approval; there’s a need to document this issue for further discussion.

Manual Confirmation Challenges

  • When L2 attempts to execute a transaction, they submit a request for confirmation. However, treasury personnel merely mark them as approved without proper checks.
  • The group discusses adding additional layers of confirmation to ensure accuracy in transactions.

Crypto Withdrawal Processes

Development and Implementation

  • The conversation shifts towards developing a second confirmation mechanism for crypto withdrawals, suggesting amounts like 300,000 or 200,000 Tether as examples.

Timing and Coordination

  • Questions arise about how long it will take to implement these changes; concerns are raised about needing two days' notice before any adjustments can be made.

Systematic Verification Strategies

Nighttime Operations

  • The team discusses how many transactions occur at night and considers implementing systematic checks during these hours.

Balancing Checks

  • A proposal is made to create an anti-fraud case where manual confirmations would first check if an operation meets certain criteria before allowing approval.

Financial Integrity Measures

Cross-verification Mechanisms

  • It’s suggested that transaction history should align with balance calculations to prevent discrepancies in financial reporting.

Importance of Financial Consistency

  • Emphasis is placed on ensuring that balances are accurately reflected based on transaction histories; discussions include potential methods for achieving this consistency.

Prioritization of Security Tasks

Task Management within Security Teams

  • There’s recognition that security teams have multiple tasks; understanding priorities will help manage workload effectively while addressing financial integrity issues.

Client-Specific Solutions

  • The focus shifts towards creating tailored solutions for individual clients regarding their order balances and withdrawal processes.

Discussion on Transaction Monitoring and Anti-Fraud Measures

Importance of Transaction Verification

  • The discussion highlights the potential issues with transaction records, suggesting that discrepancies can arise if balances are manipulated through illegitimate means.
  • Emphasis is placed on the necessity for continuous monitoring of transactions, particularly when clients engage in operations that may not align with expected behavior.

System Checks Before Order Processing

  • A critical point raised is the need for additional system checks before an order becomes available to ensure all client balance calculations are accurate.
  • The team acknowledges a focus on anti-fraud measures and expresses a willingness to collaboratively develop solutions.

Anti-Fraud Case Studies and Vulnerabilities

  • There is a call for case studies related to anti-fraud efforts, indicating existing vulnerabilities that need addressing within the current quarter.
  • The urgency of filling gaps in anti-fraud measures from production is discussed, highlighting ongoing developments.

User Behavior Analysis

  • An example of unusual user behavior is presented, where users repeatedly change currency pairs, which could indicate suspicious activity.
  • The conversation shifts back to discussing necessary system checks prior to payouts, emphasizing the importance of verifying all operations against expected norms.

Handling Large Transactions and Security Concerns

  • It’s noted that systems must verify cash availability during transactions to prevent unauthorized access or fraud.
  • Concerns are raised about large withdrawals potentially being exploited by malicious actors who might wait until significant funds accumulate before executing fraudulent actions.

Discussion on Operational Limits and System Checks

Overview of Current Limits

  • The operational limit for the third contour is set at 800,000, but there are instances where the balance exceeds this limit, reaching up to 2 million.
  • A "red line" threshold is established; if balances exceed this, the system should halt payouts until further approval is obtained.

System Functionality and Requests

  • If a user has sufficient funds (e.g., 800,000), they may not initiate requests since new deposits will automatically go to the second contour.
  • The system's withdrawal process considers each order individually; however, it does not account for depositors' balances when determining limits.

Challenges with Depositor Balances

  • There are ongoing discussions about how exchanges manage online balances without overwhelming nodes with excessive requests.
  • Currently, depositor balances are largely ignored in calculations, which could lead to discrepancies in operational limits.

Insights on Depositor Management

  • It appears that some systems do not liquidate all funds from depositors immediately; instead, they hold onto them until necessary for payouts.
  • There's an open question regarding whether monitoring depositors' balances can effectively prevent issues related to fund withdrawals.

Proposed Solutions and Adjustments

  • Suggestions include creating a unified balance that incorporates depositor information into overall limits for better management.
  • Emphasis on understanding how exchanges handle depositor data will be crucial in refining these operational limits.

Addressing Excess Funds and Security Measures

Risks of Excessive Withdrawals

  • Concerns arise over potential theft or misuse of large sums within the third contour if proper checks aren't implemented.

Multi-signature Implementation

  • Discussion around using multi-signature protocols as a security measure for withdrawals; however, customization options seem limited.

Integrating Depositor Balances into Operations

  • The need to incorporate depositor balances into overall wallet calculations is highlighted as essential for maintaining control over payouts.

Anti-fraud Considerations

  • Proposals suggest documenting these processes as part of anti-fraud measures to ensure robust security against unauthorized access or withdrawals.

Final Thoughts on System Improvements

  • Continuous improvements in crypto administration are necessary to address limitations in current systems and enhance overall functionality.

Discussion on Monitoring and Incident Management

Overview of Incident Handling

  • The discussion begins with the importance of monitoring for incidents, particularly when funds are not being transferred as expected. A system alert is deemed necessary to address abnormal situations.
  • If a fund transfer fails, it is classified as an incident that requires immediate attention from financial monitoring teams. There’s a suggestion that ticket creation should be initiated without halting other processes.

Strategies for Large Transfers

  • The team considers implementing checks specifically for large transfers (e.g., over 100,000). Until these transfers are completed, all other withdrawals may be paused to prevent issues.
  • There's a proposal to enhance the admin interface by adding film monitoring features to track failed transfers and assess their impact on overall operations.

Ticketing System and Communication

  • Questions arise about the frequency of tickets related to failed crypto transfers. It appears that such incidents have been rare but are becoming more common.
  • One participant notes that recent improvements in the script have stabilized operations, suggesting readiness to integrate new solutions into existing systems.

Balances and Monitoring Requirements

  • The need for balance checks is emphasized; if balances aren't monitored effectively, there’s a risk of undetected issues arising from unprocessed deposits or withdrawals.
  • A consensus emerges around ensuring deposit balances are tracked accurately before implementing any new monitoring systems.

Final Thoughts on Implementation

  • Participants discuss how all transactions must be monitored within the administrative framework. They highlight the necessity of tracking both third-party and withdrawal-related activities.
  • The conversation concludes with reflections on operational limitations regarding access controls within their systems, emphasizing security concerns related to token issuance for admin registrations.

Admin Infrastructure Discussion

Overview of Admin Infrastructure Needs

  • The team discusses the necessity for a separate infrastructure to host the admin panel, suggesting that it should not be deployed on their current DeWobser infrastructure. This would involve having an independent GitLab and Kubernetes setup.

Development and Access Control

  • There is a plan to allow further development of the admin panel while controlling access. They propose giving limited rights to certain users, allowing them to perform specific tasks like merging requests without full administrative privileges.
  • The idea is to provide access tokens for developers (referred to as "IBS-ники") so they can manage the admin panel independently while ensuring security measures are in place against unauthorized actions.

Security Measures and Token Management

  • A discussion arises about security concerns related to token management, emphasizing that only designated personnel should create tokens, preventing misuse or unauthorized fund withdrawals. This ensures that even if someone creates a token, they cannot execute sensitive operations without proper authorization.

Account Registration Process

  • Questions are raised regarding the registration process for new accounts, specifically whether it can remain as simple as using a single token for registration or if there needs to be an additional layer of verification by a super admin before account creation is approved.
  • It’s suggested that even with a one-time token system, there should be confirmation from another responsible party within production before finalizing registrations. This adds an extra layer of accountability in user onboarding processes.

VPN Implementation for Admin Access

  • The conversation shifts towards implementing a separate VPN for accessing the admin panel, which would enhance security by restricting access only to authorized users who have been granted permission through this VPN system. This could help streamline processes related to becoming a super admin or crypto-admin by requiring explicit approval from higher authorities within the organization.

Clarification on Request Processes

  • There’s confusion about how requests between different layers (admin and crypto-admin) will function; clarifications are sought on whether requests need to go through multiple layers or if they can occur internally within the crypto-admin interface itself. This highlights potential inefficiencies in their current setup that need addressing moving forward.

Next Steps and Coordination Efforts

  • Plans are made for future discussions regarding these topics with relevant stakeholders, including setting up meetings with those involved in managing GitLab and other necessary infrastructures needed for effective implementation of these ideas discussed during this session. Collaboration among team members is emphasized as crucial for successful execution of these plans moving forward.

Discussion on VPN Access and Operational Efficiency

Challenges with Current Access Protocols

  • The conversation begins with concerns about the inconvenience of using vegetables as a metaphor for operational tasks, highlighting the need for better access protocols in Dubai.
  • There is a discussion about the necessity of separating access levels among different personnel to enhance security and efficiency, emphasizing that one person should not have overlapping access rights.
  • Acknowledgment of resource limitations is made, indicating that current operations require more personnel to manage tasks effectively without compromising security.

Proposed Solutions for VPN Management

  • The dialogue suggests that having multiple VPN connections could be beneficial, allowing individuals to manage different roles without risking data integrity or safety during daily operations.
  • A request is made to Mikhail regarding the need for a separate VPN for crypto administration, indicating ongoing adjustments to improve operational workflows.

Next Steps and Follow-Up Actions

  • Plans are set to gather more information before discussing further with team members (TB specialists), ensuring all necessary adjustments are considered.
  • The meeting concludes with an invitation for questions, confirming clarity on tasks while encouraging open communication among team members.