LockTon
Crypto Bank
CUSTODIAL
STORAGE
CRYPTOBANK
ARCHITECTURE
WHY USERS NEED CRYPTOBANK FROM THE SECURITY PERSPECTIVE
In the world of digital assets and cryptocurrencies, a private key is the cornerstone that provides control and security of the assets that are assigned to it. Since the management of digital assets is completely controlled by cryptographic keys, the loss of the latter equals the loss of the asset itself (in the case of cryptocurrencies, there is no responsible party that can restore access to funds).
SoLution
Wallets
vulnerabilities
Software wallets
Hardware wallets
01
Theft of wallet file
The wallet file can be stolen by a malicious program or by someone who has access to the computer. Even if the wallet file is encrypted, you can simply lose it (in another case, the encryption password could be logged by the malicious program).
02
Fake wallet
Fake wallets imitate the work of the real one. As soon as the user installs the wallet and enters his seed phrase / imports his keys, the fake wallet sends all funds to the attacker's address / account.
03
Backdoors (deliberate and accidental)
You have to trust your wallet manufacturer and, in the best case, audit the software used. In practice, the best software in this regard is open source software with a lot of collaborators.
04
Phishing (for web wallets):
facebok.com, fasebook.com and 100 different close combinations. Facebook has thought about a solution to this problem. What about the producer of your wallet?
05
Using other PCs
Have you already conducted the audit of your wife’s PC?
06
DNS hijacks (for web wallets):
Host substitution (redirecting or blocking pages) can lead the user to the attacker's web page (it can be performed by substituting the hosts file on the PC or by changing the DNS server record; the latter is more difficult, but potentially possible).
07
Bookmarks changing (for web wallets)
This is a very primitive and funny (for those who have not been attacked this way) method, which consists of using malicious code that changes the link of a bookmark in your browser.
08
Clipboard and buffer hijack:
In this case, there are 2 types of attacks. The first is related to the fact that a malicious program can log all user actions (and potentially this can lead to theft of a password or key if it is entered or copied). The second vector also consists of buffer control: when the user copies the address / account ID of the recipient, the program automatically changes it in the buffer (to the address / account ID of the attacker).
01
Theft and loss:
The most common way end users lose funds, if the keys were not backed up beforehand.
02
Preconfigured device:
Classic attack vector for hardware wallets: the wallet comes already “pre-configured” by the attacker. Using this wallet can lead to the loss of funds.
03
Hardware manipulation
Controlling the display of a hardware wallet is a more complex task (than, for example, controlling the buffer) but not impossible.
04
Ransom attack
The attack is based on the fact that the modified wallet generates an address that belongs to your private key, but was chosen very randomly (a large index value is used to generate the key). As a result, if you restore the wallet, you will not immediately be able to access your coins (you must first know the index used to generate the corresponding keys).
Naturally, this list is not exhaustive. We have shown only the most basic attacks (and some very interesting ones) to emphasize the importance of choosing wallets and their management mechanisms.
Maximum emphasis on security
Crypto custodial services solve the problem of storing keys and restoring access. In fact, such services fully control cryptographic keys, and provide customers with a mechanism for communicating with the service itself. In order to initiate a transaction, the client sends the corresponding request to the service. The request is processed by the service and the bank itself signs the final transaction.
High security of keys.
The cryptobank service directly specializes in ensuring the security of stored keys. Such services often use HSMs and a multi-signature mechanism to minimize the risks of hacking and crashes. Additional backup mechanisms eliminate risks in the event of a server denial of service, etc.
A simple mechanism to restore user access.
Losing passwords (or something else, depending on which authentication mechanism is used) does not cause the service to lose access to the keys.
Possibility of regulation at all stages of operation and ease of connecting monitoring tools.
Since each transaction must be signed by the custodian on the basis of a request received from the accounting system, at any stage of the request confirmation (in case there are any suspicions) it can be stopped and processed manually by the responsible administrator.
CURRENT CRYPTO CUSTODY MARKET STAT
GK8 uses a highly secured cold wallet (without any external connections, with the ability only to receive data) for keeping the main part of funds. They use an additional hot wallet for management of moderate amounts and support user and limit management, whitelisting and auditing options, as well as integration with third-party KYC/AML services.
GK8
Curv is a cloud-based wallet service that allows flexible deployment of the end infrastructure: a combination of approaches to satisfy business requirements. The solution also provides full management of end users (flexible policy settings for users of different categories) and API integration with the needed services.
Curv
Solaris stores assets in a distributed manner by using the threshold signature scheme (multiparty computation) to avoid any single point of failure. An internal system performs off-chain and on-chain transactions. The solution is integrated with Solarisbank’s KYC for identifying and monitoring end customers.
Solaris
Gemini provides offline storage systems with multisignature support, role-based governance protocols, and multiple layers of biometric access controls and physical security to safeguard customer assets. User management presumes mandatory whitelisting and customizable approval processes for withdrawal operations.
Gemini custody
They offer a single infrastructure for hot and air-gapped wallets. It combines tamperproof hardware with advanced key management options in a unified hot-to-cold storage solution and offers sophisticated access rules to all entities and functionalities of the platform (control of risks and workflows for transaction execution and administration). Finally, it is able to integrate KYC providers from the provided list.
Metaco
The Anchorage solution provides cold wallet management technology and allows customization of the solution for the individual needs of a particular business. It supports API integration with existing tools and solutions. A feature of the system is the flexibility of asset management policies: setting up high-level logic of accounts, separated storage management, etc.
Anchorage
They use a combination of cold and warm wallets certified by US-governmental and banking standards. Tangany is supervised by the German Federal Financial Supervisory Authority. They offer a white label frontend and are more focused on the Bitcoin and Ethereum ecosystems.
Tangany
This solution also presumes the use of cold storage to manage assets. The solution places the greatest emphasis on ensuring the security of information storage using technical (physical protection) and cryptographic methods (multilayer encryption).
Vo1
The HexTrust solution allows configuring several wallets (with different types) for differentiation of access policies during access to the funds. There are several levels of security in these wallets: from wallets that use distributed shared secrets with instant (relatively) access to cold wallets with insurance and multisig access models.
HexTrust
The approach presumes that keys have to be protected using Shamir’s Secret Sharing algorithm and multi-signature signing of transactions (for all supported cryptocurrencies). Falcon solution has an insurance policy issued by a major Swiss insurance provider for cases of crypto-relevant risks including professional indemnity, crime and cyber security breaches.
Falcon
CRYPTO BANK SOLUTION HIGH-LEVEL ARCHITECTURE
Access Control
List of custody service administrators with their permissions and weights. Access to the wallets and their backups can be performed only by designated administrators
[01]
Communication
Set of gates to different systems (including bank and external systems, depending on the assets kept). This module also performs the initial validation of the client’s request and protects other components from external attacks. As an additional module, the software of the external system (auditor-node) can be used for audit and communication with the external system.
[03]
Key Storage
Set of the wallets with assets (cryptocurrencies, digital currencies, tokens etc). Different services may use various wallets, methods of distributing funds on these wallets, as well as backup and recovery mechanisms
[02]
Regulative Tools
Perform the validation of clients’ requests. An operation / transaction can be processed by administrators and confirmed only if it has passed an approval of this component. Transactions with different values may require different confirmation procedures from this component and be processed differently
[04]
PRODUCT VISION
Each of the solutions we mentioned above definitely has very strong points on which it focuses, but none of them provide flexibility in building all the components of the system.
As the analysis of existing solutions on the market shows, each of them provides for an emphasis on certain properties offered to the end consumer. Some of them strictly focus on the security of storing keys, and have a rigid storage architecture that does not allow the end users to adapt it to their needs (for example, they imply cold storage from which a hot wallet can be replenished for a small amount), while allowing integration with external KYC providers.
Others have the opposite situation - they have a set of different solutions / wallets, with different levels of security, but the centralized KYC provider is a certain bank.
The key feature, and thus the overall product vision, of the proposed solution is full management of the system by its ultimate custodian:
THE ABILITY TO
Choose any type of wallets: their required number and the ratio of funds that will be stored on them (independent distribution of risks and convenience)
Choose a wallet administration option: the use of multisignature, threshold signatures and other tools for diversifying responsibility
Choose a backup method (as an example: creating a shared secret, encrypting keys from wallets with it and sharing it between any number of administrators with different weights)
Provide liquidity to DeFi protocols with the ability to return dividends to consumers
Create different pools with assets for creating derivatives
Perform micropayments between own consumers with zero fees and external transactions
Key storage component
Choosing wallets and funds distribution
The main element of the funds storage system is the wallets. The architecture and principles of functioning of wallets have been described above, so let’s move on to the mechanism for selecting them. Since we focused on the flexibility of the solution, the choice of wallets should be based on the decision-making model depending on the business requirements. That is, the owner of the final system can choose the optimal solution for each of their stored digital assets.
01
40% of funds were stored on a 3-of-5 multisig address and all keys for multisignature were stored in cold wallets;
02
15% of funds were stored in HSM and required a 2-of-3 multisignature;
03
3% of the funds were stored on HSM and only 1 signature was required to unlock it;
04
2% of funds were stored in a hot wallet.
Backup
A separate issue that needs to be resolved when building a key storage component is their backup. In this case, there are also cryptographic tools that allow you to ensure the confidentiality of keys and assign responsibility when gaining access to them.
[01]
A new secret
is formed, with which the keys for multisignature are encrypted.
[02]
The secret is distributed
among 3 different participants (administrators and owner) using Adi Shamir's secret sharing scheme with the required 2-of-3 threshold.
[03]
The encrypted keys
are stored in a storage (preferably in several different storages). In this case, if one of the administrators loses the private key, the system owner can reconstruct the shared secret (having a part of the secret provided by another administrator) and decrypt the required key with it. After that, a multisignature can be generated and the funds can be unlocked. Again, this flow shows how this interaction can be organized and that such a possibility exists; the requirements and mechanisms for solving such problems will follow from the requirements of a particular business.
Access control component
In addition to the software and hardware for key management, crypto banks must provide functionality related to the administration and regulation of the system (a set of policies and mechanisms for their implementation) as well as communication with the necessary accounting systems and services. That is, in fact, wallets are only a functional part of the service.
Key storage component
Communication module with external system
Regulatory tools
Access control component
VALUE FOR THE END CONSUMER
SECURITY
USABILITY
Compliance
SECURITY
Cryptobank maintains specialized equipment to provide cold storage of keys. Such hardware complexes can be located in bank branches, with access granted to users who have passed multi-factor authentication (and are physically present). Cold storage is dedicated to storing large amounts of digital assets.
How It Works
Providing cold depositing function
Managing any types of wallets (hybrid approach)
Diversification of the risk of losing funds
Insurance
High level protection of users and funds administration
Multisignature and shared secret schemes (including weight-based)
Anchoring to a public blockchain to achieve irreversibility
USABILITY
How It Works
Role management
Account is the primary unit on the asset management platform. Each operation in the accounting system is associated with an account that has initiated it. Each user in the system owns a key pair: public key which acts as an account identifier and private key which gives access to perform operations in the system. Each account is associated with a specific role it can perform in the accounting system. All operations related to an account—creation, update, deletion—must also be initiated by transactions and signed by a user with appropriate permissions.
Integration with needed payment solutions and gateways
Deposit and withdrawal functionality is one of the most requested ones on the asset management platform. To implement these functions, the system must have an external systems integration module (or a set of modules). The purpose of this module is to mediate between the platform and external financial systems.
Compliance
How It Works
Integrating with any KYC and AML solutions that support API
Cryptobank presumes a separate module which is responsible for storing the KYC (know your customer) data, and it is called Identity Storage. Who has permission to operate with Identity Storage is specified via keys given to the system admins; to prove their permission, an admin provides the corresponding signature. In order to integrate the accounting system with external compliance solutions (e.g., IdentityMind, IDnow, etc.), a "bridge" module needs to be developed. Further in the text, we will refer to it as ESIM (External System Integration Module).
Monitoring all incoming and outgoing payments according to existing policies
In the same way, integration with external compliance services can be carried out. Each deposit and withdrawal operation can be checked for the origin (or recipient) of funds. Services such as Chainalysis and Crystal provide an API. This means that for each transaction, you can contact one of these services, get a risk assessment and decide on its confirmation.