In cryptocurrency, losing the private key means losing all the funds. In general, wallet security means coming up with ways to prevent people from stealing the private key. This can be achieved with a combination of the following techniques:
- Human Governance – Who can access what, need to know basis, multi-approval …etc.
- Wallet Governance – Split your funds into different wallets, ie Hot Send, Hot Receive, Warm wallet, Cold wallet ..etc.
- Technology – Using better encryption technologies, hardware wallets, multisig …etc.
Many exchanges got hacked by over-relying on technology, ie automation.
There is no guarantee that cryptocurrency custodians (eg exchange or ICO operators) will store their funds securely and will not run away with it.
In fact, security breaches are common in the crypto space and many funds have been stolen by hackers or the owners themselves.
How can we prevent that from happening?
What is CryptLock?
CryptLock is an enterprise wallet solution for custodians which emphasises on Human and Wallet governance so as to mitigate the risk of user’s funds being stolen.
- It provides an organised and secure way for crypto assets custodians to use hardware wallets as hot wallets.
- It allows the use of manual over automated funds withdrawal to reduce the risk of hacking.
- Do not need to trust people or system to generate/store our private keys no matter how secure they claim their system is.
- Admin(s) choose(s) delegates carefully to distribute human labor for funds withdrawal to reduce workload on the admin.
- Do not want to pay huge fees to third party for using their wallet services.
- Prevents centralised control by the admin.
- Funds are centrally controlled by the BIP39 compatible hardware wallet (eg Trezor) held by the Admin/s.
- As a daily routine, the admin/s need to fulfil standard operating procedures:
- Transfer funds to appointed delegates (human or machine) so that they can transfer to client’s wallet any time. The amount to transfer is the amount the admin is willing to risk.
- Transfer funds to client’s wallet straight away.
- Transfer funds to the vault wallet (cold wallet).
There are 3 user types in CryptLock.
- Verfier: Someone who verifies the the withdrawal request is legitimate by comparing both its system and CryptLock entries.
- Delegate: Someone who is entrusted by the Directors to send funds out on behalf of the Directors.
- Admin: Directors or Keyholders who have super admin rights in CryptLock.
Admin Wallet Governance
- An admin hardware wallet is multi-approved rather than Multisig. Sending funds requires 2 Teams, the Director and an external Support Team with a locked down physical device provided by Whale Tech.
- To send a transaction, the Director will need to unlock the hardware wallet pin, the support person need to enter the right phrase (25th seed) and it needs to happen on a locked down device.
- The Director will need to do a pin unlock if the Trezor is disconnected or the machine rebooted.
- When the Trezor is unlocked, the Support person can only access cryptlock.io or trezor.io with the secret phrase. The wrong phrase will create a totally different wallet, preventing a wrench attack.
- Withdrawal request is submitted to CryptLock via an API endpoint.
- Verifier logs into UI and verifies the withdrawal is legitimate. Verifier accepts the withdrawal.
- Delegates or Admins login and send the funds using the hardware wallet.
- (Optional) CryptLock polls the Blockchain and alerts 3rd Party URL via a webhook when min_confirmation is reached.