(i) You don't know enough about appsec to be communicating things about the trustworthiness of your application.
(ii) Any feedback you're given about the threats your application faces is just going to get added to your list of "security challenges" you are aware of or have tried to address, which implies that anything anyone does to help you with your security is just going to be used to mislead others. No thanks!
I'm thrilled at the idea of a 17 year old building applications that need serious security countermeasures and would generally love to help. But not when the stakes are "other people's money".
You should pick a different project. For a variety of reasons. How about take your Bitcoin exchange and do (another) play-money exchange, like for a prediction market?
P.S. I used to participate on a prediction market. Was winning the Internet after going all in on three presidential elections. Got wiped out by JPY breaking a hundred two years too late for my contracts to pay. Did not jump out window.