My (completely pulled out of thin air) opinion is that there is no way that startups populated by young, hip developers can build a proper system for handling money. You need to have a baggage of a thousand bizarre things how these systems can be violated, unless you want to repeat the same mistakes - and that comes with time and experience.
There are literally at least hundred thousand developers who have worked for 20+ years on financial systems - the industry employs a lot of them. If you're going to be storing money of other people, picking up a random such guy - even completely mediocre, boring one - would at least bring up the many issues that are taken for granted in 'that world' but nonobvious if you're not from the financial industry.
> My (completely pulled out of thin air) opinion is that there is no way that startups populated by young, hip developers can build a proper system for handling money.
At least not if they are populted solely by young, hip developers. Those developers can probably build the system, but what they can't do is specify and validate the system. So, those young, hip developers need to at least spend some time talking to some experienced domain experts.
Or, you know, keep repeating every failure in the history of finance and banking that has led up to the industry practices and government regulations they are ignoring. Sure, you can likely find better solutions to some of those problems, but it would be better if you at least "anticipated" the well-known, obvious problems and solved them, rather than repeating them first.
Moreover, these things should be built upon the certainty that somebody smarter than you, the coder, might be interested in free money, and that the software will be broken.
Only with that mindset can one build a system that doesn't screw over every legit customer when it happens.
Ahh, the default finance mindset is a bit different - first, assume that your own employees, managers, sysadmins and developers would be interested in free money. Design the system, processes, checks and audits according to that - and it covers most of the precautions against outside hackers as a natural consequence.
If you start a BTC exchange, write half of the initial code yourself, have access to the servers and own the company - then you should ask a simple question: could I myself steal funds undetected? If you're an investor, could the CEO/founder steal funds undetected? If the answer is yes, you have work to do.
There are some theft options by privileged people that can't be realistically prevented, but you can make sure that those scenarios would be detected within a day, and thus those privileged people simply wouldn't do it to avoid jail.
There are literally at least hundred thousand developers who have worked for 20+ years on financial systems - the industry employs a lot of them. If you're going to be storing money of other people, picking up a random such guy - even completely mediocre, boring one - would at least bring up the many issues that are taken for granted in 'that world' but nonobvious if you're not from the financial industry.