If you know the crypto industry well, you will agree that any centralization — however convenient — negates all the “crypto” benefits. Any wallet that lets anyone else but you store your keys is no longer really yours. That’s right, and this is actually a quick test for evaluating any crypto project. Is it centralized? Forget it! No? You can have a look.
Now there seems to be a compromise.
Today we’ll talk about a Bitcoin/Emercoin web wallet created by Aspanta. They tried to combine the uncombinable — let’s see how well they did.
DDoS as much as you want
Emercoin One’s “invincibility” starts with the standard approach: it runs on Angular2 and behind CloudFlare. The next level involves physically splitting Emercoin One’s components into five independent servers: front end, back end, SQL, and separate Bitcoin and Emercoin wallets. The first three are automatically and massively scalable to withstand any attack. Only the front-end server has an external IP addresses, while others are placed somewhere deep in the company’s infrastructure, behind seven seals and eight locks.
Steal, break, brute force!
Of course, any software might have unexpected vulnerabilities that will let hackers get to the front-end server and dump the database. But even if the users are generous enough to set a password with a known hash, the attacker won’t get any critical data. They will find out the balance and the list of NVS names, but they won’t be able to do anything with this information. This would require knowing the spending password, and it is not stored at the front-end SQL server.
Neither it is possible to get from the front-end to the back-end server: There is simply no module responsible for logging in — while there is one tracking such attempts and turning on an alarm if a brute-force attack is detected.
In addition, the health and safety of all those servers are monitored in real time.
Of course, when you create an account, Emercoin One checks whether the password is secure enough. However much you want to set the account password or the spending password to “qwerty”, the app won’t let you do this.
The system can also be accessed via an API, and the developers may let users sell/buy coins right from the wallet in the future. The core is already written in a way to support this extension.
Thus, the creators have done everything they could to minimize the main risk that any crypto project faces, which is that its users’ money will get stolen.
Finally, Emercoin One has an iOS client, which allows you to access the same account/wallet and manage your coins either from your iPhone or via the web.
Emercoin One website: wallet.emercoin.one
Mobile app: see App Store