Calin Gabriel Senior Backend Engineer · Node.js / TypeScript

← Case files · Case file 01

Bitpanda Custody Platform

Backend work on an institutional crypto-custody platform for banks — where correctness, auth, and auditability are the product.

Fintech
§ 01

The problem

Bitpanda was building an institutional crypto-custody platform for banks — infrastructure that lets regulated financial institutions hold and manage digital assets for their customers. In custody, the backend is the product: correctness, authentication, and auditability decide whether a bank can trust the platform at all.

Banks needed a safe way to manage and validate the crypto addresses their customers withdraw to. A wrong address in custody isn't a bug ticket; it's potentially unrecoverable customer funds. My work centred on owning that address-book capability end-to-end, alongside hardening authentication across services and raising the backend testing bar.

§ 02

How I approached it

I owned the crypto address-book feature end-to-end — from design through build to production — on a backend built with Fastify, GraphQL, and TypeScript running on AWS microservices and serverless. The feature manages and validates customer crypto addresses inside a regulated custody environment, so validation rules, edge cases, and failure modes were treated as first-class requirements, not afterthoughts.

Working across service boundaries, I strengthened authentication between services — in a platform serving banks, inter-service trust is part of the security model, not plumbing. I also introduced backend testing patterns that the team adopted, so confidence in changes came from executable checks rather than review vigilance alone.

Delivery happened inside a cross-functional team of 3 backend and 4 frontend engineers, a designer, and a product owner — which meant plain communication about risk and scope was as much a part of the job as the code.

§ 03

Key technical decisions

01

Validation as the product

Customer crypto addresses must be validated before they can ever receive funds. The address-book treated validation rules and edge cases as core domain logic — because in custody, a quietly accepted bad address is the worst possible failure.

02

End-to-end feature ownership

Designed, built, and shipped the address-book backend as a complete slice — API design, data model, validation, tests, and release — rather than task-by-task execution. That's the ownership shape regulated platforms need from a senior.

03

Auth across service boundaries

Strengthened authentication between services on an AWS microservices and serverless architecture. For bank-facing infrastructure, inter-service trust is part of the threat model and was treated accordingly.

04

Testing patterns the team kept

Introduced backend testing patterns that other engineers adopted, raising the shared quality bar instead of just protecting my own features. Adoption by the team is the difference between habit and policy.

§ 04

Business impact

End-to-end
Address-book: design → production
Bank-grade
Regulated custody environment
Adopted
Testing patterns picked up by the team

The address-book gave banks a validated, auditable way to manage where customer crypto can move — a prerequisite for offering custody at all. Auth hardening and the adopted testing patterns raised the platform's baseline, not just one feature's. Exact platform metrics aren't mine to disclose; the custody domain doesn't publish its numbers.

For a contract buyer, the relevance is direct: this is recent, senior, regulated-fintech backend work — the environment where a quiet bug becomes a headline, and where features ship only when they're tested, reviewed, and defensible to an auditor.

§ 05

What I took away

Custody work rewires how you think about risk. In most products, an edge case is a bug; in custody, an edge case can be irreversible movement of customer funds. I learned to design from the failure modes backwards — what must never happen — and let that drive API shape, validation, and tests.

It also confirmed something about seniority in regulated teams: the value isn't typing speed, it's owning a slice end-to-end and making its risks legible — to reviewers, to product, and ultimately to the banks relying on the platform.

§ 06

Stack

FastifyGraphQLTypeScriptAWSServerlessNode.js