The paramount role of Security

Along with the advancement of online funds’ management the methods of malicious attacks and electronic money fraud have also evolved to higher degrees - spoofing, hijacked messaging services and cold wallets, fraudulent browser extensions, malware infected machines, infected computers, hacked servers and software, etc. Digital Wallet Security is crucial to prevent such scenarios from developing. Moreover, completed cryptocurrency transactions are irreversible, so customers must be aware of their security options. That is why we at Crypto APIs have designed our WaaS in the most secure way possible.

Our Security Elements

Many Signers

Unlike other methods the MPC technology we have incorporated works with a “group of signers” - a set of parties who jointly compute a function with their inputs in order to provide both a successful and secure outcome by using their key “shares”. Each member of this group can be a backup, a security measure and a partner to the others for the correct and secure transaction management of their Digital Wallet.

Learn more about MPC

Distributed key generation

The MPC technology works with the Threshold Signature Scheme (TSS) - a process which utilizes Distributed Key Generation (DKG). Through this process no more than a single key is used. Instead of separate private keys like in the Multi-Sig method, each signer possesses a “key share”. Through this DKG signing transactions becomes more secure, more private, and all based on cryptography off-chain.

Learn more about MPC

Approvals

Approvals are fast and asynchronous and happen independently from other members. There is no specific order of approval to go by. After a transaction is authorized by all approvers based on the specific rules applied, then can the processes of preparing, signing and broadcasting of the transaction be set in motion. An Owner can invite as much approvers as they want to the system. Various rules could be set for the different cases based on which all approvers will need to sign off on any outgoing transactions. Approving transactions is available from within the Crypto APIs 2.0 Dashboard or our mobile application.

AML/KYT

We also incorporate a KYT/AML functionality for both deposits and withdrawals with the assistance of specialized 3rd party providers. Through it transaction data can be analyzed to identify any unusual behavior or potentially risky transactions. Based on the provided score from the 3rd party provider the action to take could be adjusted. Through this suspicious transactions, fraudulent deposits, and potential breaches can be eradicated.

Insurance

Despite the MPC and TSS authorization methods being as strong and secure as they are, possessing various levels of safety measures, unfortunately there is still always a chance of something going wrong. For the purpose we have provided and additional security option - Crypto utilized through Crypto APIs 2.0 can be insured through 3rd party providers.

Whitelisting

Whitelisting is a very useful feature to have as with it users can specify allowed addresses or entities access and privileges that otherwise others would not have. Easily whitelist addresses in Crypto APIs Wallet as a Service and have additional knowledge and control over transactions and their destinations.

3rd Party Escrow service

MPC eliminates the need for private keys and distributes the Wallet processes and hence - the risks, among multiple nodes/signers. But what if one of those loses their key share? As a solution we have included the services of a 3rd party escrow provider. It serves as an additional layer of sustainable security and emergency service. As a backup, it can provide a public key to encrypt the recovery service. Moreover, in case a key share is lost from either side, the 3rd party escrow service can assist in restoring it. Most importantly, this provider will not have access in any way to the majority of keys which means the 3rd party provider can never sign a transaction alone.

Disaster Recovery Open-Source Tool

Our WaaS is designed in such a way so that customers can be able to make transactions during any circumstances. To make it more efficient we have developed an open source tool which can be used in case of an emergency or disaster. Our Disaster Recovery Open-Source Tool is located in GitHub and provides an emergency transaction availability in case Crypto APIs for any reason is not online.

Data Privacy

Data privacy is one of the most vital parts of the internet flow. Everybody using services online wants to make sure their information remains safe and cannot be leaked. Thanks to MPC, no data is shared between the nodes in Crypto APIs WaaS, and no data is leaked. Moreover, after a transaction there is only one generated signature. So your data remains safe and secure.

Security & Certificates

We perform regular security audits by 3rd party providers, security checkups and pen tests. Monitoring and maintaining the correct operational abilities of the WaaS is top priority. We are currently obtaining additional certificates and pending SOC II type certification.

Useful Products

  • Wallet as a Service

    Wallet as a Service

    Using digital assets has never been easier. Crypto APIs’s Wallet as a Service is a scalabl...