Why APAC operators need APAC-anchored infrastructure
AWS US-East, Google Cloud US-Central, and Azure East US sit under US jurisdictional reach via the CLOUD Act, including for non-US-resident customers. Operators headquartered in Singapore, Hong Kong, Tokyo, or other APAC jurisdictions serving APAC users have legitimate reasons to anchor their infrastructure under more predictable jurisdictional frameworks. Tencent Cloud Hong Kong and Alibaba Cloud Singapore operate primarily under their respective host-jurisdiction legal frameworks. We architect cross-jurisdiction deployments explicitly around this distinction so customers get predictable legal exposure for their workloads.
Three-ring architecture for matching engines
A standard exchange-grade deployment uses three concentric rings. Ring 1 (matching engine + order book): bare-metal in Tencent Hong Kong with sub-microsecond inter-process communication using LMAX Disruptor patterns, hot-standby in Alibaba Singapore via 1ms RTT private cross-connect. Ring 2 (API gateway + WebSocket fan-out): Cloudflare Workers at edge handling REST and WebSocket, origin-shielded backend on Tencent Cloud. Ring 3 (signing + key management + identity): air-gapped HSM with multi-sig 2-of-3 across geographically separated key shards (Hong Kong, Singapore, Tokyo). Withdrawal signing requires manual confirmation through a separate channel. Cold storage is offline.
Origin protection at exchange tier
Exchange-grade workloads are persistently probed and attacked. We layer Cloudflare Magic Transit (L3/L4) + Cloudflare WAF (L7) + Alibaba Anti-DDoS Premium for backup capacity. Origin servers carry no public IPv4 — only private peering through Cloudflare Argo Tunnel and Alibaba PrivateLink. Origin IP rotation is automated weekly, with monitoring of public DNS history (SecurityTrails, RiskIQ). Real measurements: 6-hour 920 Gbps L4 attack absorbed at edge with no service degradation; API p99 latency held at 38ms throughout.
Engagement and compliance posture
We work with operators holding appropriate licensing in their operating jurisdiction (Singapore MAS, Hong Kong, Lithuania VASP, BVI, Cayman, Dubai VARA) or operating under structured pre-licensing pathways. We integrate on-chain analytics tooling (Chainalysis, TRM Labs) for operators who require it. Standard engagement begins with MNDA. Settlement options include wire transfer, regional rails, and stablecoin (USDC/USDT) where commercially appropriate. We pass through provider-side enterprise discounts without markup.
Anonymized case outline — A spot trading platform with USD $180M monthly volume migrated from AWS Tokyo to a Tencent Hong Kong + Alibaba Singapore active-passive setup. API p99 latency dropped from 142ms to 38ms for Asian retail users. The platform survived a 6-hour 920 Gbps L4 attack with no service degradation. Monthly infrastructure cost dropped 41% in absolute terms, and the operator's legal counsel confirmed the new architecture meaningfully reduced US jurisdictional exposure for their non-US user base.
FAQ
Do you support DeFi protocol frontends?
Yes. We host frontend, API, and indexer infrastructure for DeFi protocols. Smart-contract execution stays on-chain and outside our scope.
Settlement options?
Wire transfer, SWIFT, regional rails, USDT TRC20/ERC20, USDC ERC20. Monthly invoicing.
Migration timeline from existing US-based hosting?
Mid-size platforms typically complete cutover in 14–30 days from contract. Trading downtime under 2 hours during the cutover window.
KYC/AML tooling?
We integrate Chainalysis, TRM Labs, Sumsub, Onfido. We don't run KYC operations — that stays with the operator's compliance team.
Talk to our infrastructure team
MNDA standard. Multi-channel: email, scheduled call, or Telegram. We respond within 4 business hours.