Exchanges should require stronger proofing for actions that can move funds or change account state, not just for initial sign-up. The verification process should include liveness, audit trails, and step-up checks that bind the user to the specific sensitive action. That reduces the chance that a compromised or synthetic identity can pass a low-friction flow and immediately cause loss.
Why This Matters for Security Teams
High-risk crypto transactions are not just authentication events. They are account-state and fund-movement events that can create immediate, irreversible loss. That is why exchanges need step-up verification tied to the specific action, not a one-time check at onboarding. NHI Management Group research shows how quickly identity control failures become operational incidents, and the same pattern appears when transaction approval paths are too easy to replay or delegate.
Traditional login assurance can be bypassed by session theft, social engineering, or compromised recovery channels. For exchanges, the relevant question is whether the person or process initiating the transfer is the same entity that was originally proofed, and whether that proof still holds at the moment of risk. Current guidance in NIST Cybersecurity Framework 2.0 supports stronger protection for sensitive actions, but implementation details vary by risk model and jurisdiction. In practice, many security teams encounter transaction fraud only after a compromised session has already authorized a withdrawal rather than through intentional high-risk verification design.
That concern is amplified by broader NHI failure patterns documented in Ultimate Guide to NHIs, where weak lifecycle control and excessive standing access routinely turn a single credential issue into a larger compromise.
How It Works in Practice
The strongest exchange designs treat high-risk actions as separate from ordinary sign-in. A user may pass baseline authentication, but a withdrawal above a threshold, adding a new wallet address, changing recovery factors, or disabling protections should trigger a second decision layer with evidence bound to that exact request. The proofing step should be action-specific, time-bound, and auditable.
Common controls include liveness checks, device binding, transaction signing, velocity limits, and step-up approval when risk signals change. Exchanges should also record who approved what, from where, and under which policy. Where feasible, the policy engine should consider context such as beneficiary age, destination risk, prior fraud history, session freshness, and unusual geo-velocity. That aligns with the risk-based approach in NIST Cybersecurity Framework 2.0, even though the framework does not prescribe a single identity-verification method.
- Bind verification to the transaction, not only to the account.
- Use liveness and challenge-response for wallet changes and withdrawals.
- Require step-up checks when risk or value crosses defined thresholds.
- Log proofing evidence, approval context, and final enforcement decision.
- Revoke or expire high-risk approval paths quickly after completion.
This is especially important in environments with manual review queues, API-driven withdrawal tooling, or shared support tooling, because a weak approval workflow can become a privilege-escalation path. NHI controls matter here as well: if support operators, bots, or workflow identities can trigger transfers, they need the same discipline described in Ultimate Guide to NHIs and the compromise patterns seen in 52 NHI Breaches Analysis. These controls tend to break down when exchanges rely on a single reusable verification factor across account recovery, support escalation, and withdrawal approval because the risk boundary disappears.
Common Variations and Edge Cases
Tighter verification often increases customer friction and support load, requiring organisations to balance fraud reduction against conversion, latency, and dispute handling. That tradeoff is real, especially for global exchanges with mixed retail and institutional flows, but current guidance suggests the highest-friction controls should be reserved for the highest-impact actions.
There is no universal standard for this yet. Some exchanges use threshold-based step-up, while others add beneficiary allowlists, cooling-off periods, or manual callbacks for first-time withdrawals. The right model depends on asset type, user profile, and local regulatory expectations. For example, a small internal transfer between pre-approved wallets may justify lighter checks than a new destination on a high-value account, but both still need auditable proof that the request was intentional.
Edge cases also matter. Recovery flows are often more dangerous than transfers, because an attacker who changes the recovery factor can bypass later controls. Support staff and bot-driven workflows should not get a weaker standard just because they are internal. The lesson from Ultimate Guide to NHIs - Why NHI Security Matters Now is that durable identity assurance depends on lifecycle control, not point-in-time trust.
In practice, the most reliable programs separate low-risk session assurance from high-risk transaction assurance, and they revisit those thresholds as fraud patterns change.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | A2 | Step-up verification and action binding mirror runtime authorization for high-risk agent actions. |
| NIST CSF 2.0 | PR.AA | Identity verification and access control for sensitive transactions map to authenticated access assurance. |
| NIST AI RMF | Risk-based decisioning and human oversight align with AI risk governance for adaptive verification flows. |
Require request-time policy checks and bind approval to the exact high-risk action before execution.
Related resources from NHI Mgmt Group
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on June 11, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org
