That depends on several things. First be clear about the scope you want the exchange to have, then look for a team of highly qualified professionals, programmers, security experts, marketing experts... Then the work begins, tests are done, firewalls are programmed, and an internal test version is launched, after all that, security audits, DDOS attack tests, server overload tests, measures to avoid code injection... And everything is retested, until everything is safe and stable. But make no mistake, it can take years depending on the number of team members and especially the initial budget.