Secure second factor authentication for custodial wallets

Institutional custody usually involves large amounts of cryptocurrency belonging to several users. The total value under management is usually billions of dollars. Although the cryptocurrency keys can be managed in a highly secure hardware security module (HSM), the applications that use API keys to interact with the HSM usually run in environments that are much less secure.

Second Factor Authentication

The Secret Zero Problem

If this application misbehaves or is compromised and the API keys are stolen, the custodian may suffer huge losses. This is an instance of the famous secret zero problem: although most secrets can be protected in a secure environment, at least one secret lives in an environment that may not be secure.

Custodial wallet providers typically address this problem by adding a second-factor authentication system. After a user initiates a cryptocurrency transfer, the user is asked to enter a time-based one-time password (TOTP) generated by an authenticator app on their mobile phone. Google Authenticator and Duo are commonly used authenticator apps.

In this article, I question whether this method is indeed safer, and whether it solves the secret zero problem.

2FA isn’t helpful in insecure environments

In fact, second-factor authentication systems are usually deployed in an insecure environment. That is, they usually run in the same environment as the back-end application that holds the HSM API key. If this insecure environment is compromised by an attacker or a malicious insider, the HSM-managed cryptocurrency keys can be used to sign a transaction, which may cause huge losses for the custodial wallet provider and its customers.

When a second-factor authentication system is compromised, such incidents do make headlines. For example, the second-factor authentication system of a well-known exchange was recently compromised, and more than 400 users lost 30 million to 40 million US dollars in cryptocurrency. The exchange had to absorb the loss and compensate the users. However, such incidents do damage the reputation of a company that aims to maintain the highest security standards.

The problem is not second-factor authentication itself. 2FA is important. The problem is how the second-factor authentication system is implemented and deployed. If it is deployed in the same insecure environment as the back-end application that controls secret zero, the security of the overall system does not improve qualitatively.

A better way to 2FA

What if we could do better? What if, instead of deploying the second-factor authentication system in an insecure environment, we deployed it inside the secure HSM environment? This approach has legs, especially if the deployed code is protected from tampering; that is, a rogue administrator should not be able to modify the second-factor authentication code.

As mentioned earlier, TOTP is a popular choice for second-factor authentication systems. TOTP is an algorithm that generates a one-time password (OTP) using the current time as a source of uniqueness.

When a user registers, the authentication system generates a token and shares it with the user. This token is usually presented as a QR code that the user scans with their authenticator app. The TOTP algorithm relies on the fact that most computer systems keep their clocks synchronized.

The authenticator app takes the shared token and the current time as input and generates a new TOTP every 30 seconds. When a user needs access to a function protected by the authentication system, the user's app computes the TOTP value and the user supplies it to the authentication system. The authentication system also computes the TOTP value and then checks whether the supplied value matches the value it computed locally. If the values match, access to the protected function is granted.

Deploying this code inside the HSM boundary can significantly improve the security of a custodial wallet. The code implements secure TOTP, secure key management and secure transaction signing. Even if the custodial wallet's back-end system is compromised, the HSM will not sign a transaction. A transaction can only be signed with the user's participation.

During transaction signing, the user provides a TOTP, and the plugin ensures that the transaction is signed only after the TOTP has been verified.

The new architecture is shown in Figure 5. Compared with Figure 2, the second-factor authentication service is deployed in the secure environment of the HSM. Even if the custodial wallet's back end is compromised, cryptocurrency transactions cannot be signed without the user.
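The TOTP check and the sign-only-after-verification rule described above, as an added Python sketch that is not the author's plugin code. `SigningPlugin`, the HMAC stand-in for a transaction signature, the 6-digit code length and the rejection of a reused code are assumptions for illustration; the last goes slightly beyond what the article describes.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per TOTP value, as described above
DIGITS = 6   # assumption: usual authenticator-app code length

def totp(secret: bytes, now: float) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the big-endian time-step counter."""
    counter = struct.pack(">Q", int(now) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)

class SigningPlugin:
    """Hypothetical model of code inside the HSM boundary: the TOTP secret
    and signing key live only here; the back end can only call sign()."""

    def __init__(self, totp_secret: bytes, signing_key: bytes):
        self._totp_secret = totp_secret
        self._signing_key = signing_key
        self._last_step = -1  # highest time step already accepted

    def sign(self, tx: bytes, otp: str, now: float) -> bytes:
        expected = totp(self._totp_secret, now)
        if not hmac.compare_digest(expected.encode(), otp.encode()):
            raise PermissionError("TOTP mismatch")
        step = int(now) // STEP
        if step <= self._last_step:  # same code replayed within its window
            raise PermissionError("TOTP already used")
        self._last_step = step
        # Constructed stand-in for the real transaction signature.
        return hmac.new(self._signing_key, tx, hashlib.sha256).digest()

def demo() -> list:
    secret = b"12345678901234567890"  # RFC 6238 test secret
    plugin = SigningPlugin(secret, b"constructed-signing-key")
    tx = b"constructed transfer request"
    good = totp(secret, 59)
    outcomes = []
    for otp in ("000000", good, good):  # wrong code, valid code, replay
        try:
            plugin.sign(tx, otp, now=59)
            outcomes.append("signed")
        except PermissionError as exc:
            outcomes.append(str(exc))
    return outcomes

print(demo())
```

A compromised back end that holds only the API key can call `sign()` but has no valid code to pass, so the request fails before the signing key is touched.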


In short, the secret zero problem is a tricky one. It is most acute for blockchain-based assets, which are essentially bearer assets. Once such assets are transferred, they cannot be recovered through human intervention.

Under the hood, today's second-factor authentication systems are not as secure as they look. A compromised 2FA system usually causes reputational damage. It is important for the industry to prevent this kind of loss, and a robust, practical solution to the problem is needed. I have proposed a solution in which a cryptocurrency transaction never happens unless the user is in the loop.

