Cerberus Wallet. Part 1. Concept
On an autumn evening, on the CoinList website, I discovered information about ChainLink + CoinList Hackathon, and after reading about the ChainLink project and imagining what great opportunities it opens up to the possibility of integrating the blockchain with information from the real world, I decided to participate.
While working on this project, I set myself the task of creating a product that could be potentially demanded by the widest possible audience. Of course, using smart contracts, you can easily develop complex financial services, however on me previous experience of promoting the Tokenstarter (tokenstarter.io) service (protecting the interests of investors by issuing options for tokens), which we developed with my team, I learned that it is extremely important to test hypotheses at the start and try to make a product as simple, understandable and user-friendly.
To find an idea, I decided to set myself the following restrictions:
- The product must be understandable and relevant to a wide audience.
- The product must carry value for the crypto community
- The product must pass a toothbrush test: “something you will use once or twice a day.”
After spending several days and making a list of possible ideas, I read facebook and stumbled upon a post of my friend that all his crypto assets was stolen:
Have you ever heard an adult uncle scream? And my neighbours heard. Not the most pleasant sight. You start to panic, hysteria, stupid. Despite the fact that in emergency situations you consider yourself a specialist, when it concerns you and only you, everything is a little different. Control is lost. Yes, this situation is not a matter of life and death (no matter how it may seem), but rather a matter of losing financial independence.
At the end of August, they hacked my computer and stole 99% of my funds. By the way … the most common compassionate question: “Well, how much?” \ “How many zeros — 1,2,10?” — do you have nothing to do? For your reassurance — there is not not 10, but not 1 either.
…
Everything happened like this:
In the morning, without doubting anything, I drank my portion of coffee (I lie, I do not drink coffee), and went about my usual business. For lunch, I made a DAI translation and exchanged them for ETH through the Kyber Swap on-line application. By the way, at first I sinned greatly on them. By the way, they didn’t answer so much.After 6–7 hours, I was going to make another transaction, and one of my wallets gave me a balance error. I tried more and more. No, he stubbornly said that there was nothing there. At that moment, I started to get a little worried, opened Etherscan and realized that there was definitely nothing there. More precisely on this wallet. At first I smiled and reloaded the page, then again. Then erased the cookies. Then, realizing that I’m nervous … in general, it does not matter. I realized that they took everything away from this wallet (not counting a couple of shit tokens that could not be withdrawn). In a panic, I wrote a cyber swap to both soap and twitter (they answered after 3 days to a letter saying that everything is ok).
And then the fun began. At first, I was sure that we were talking about one Ethereum wallet. But after 10 minutes, I (for security reasons) began to open others … and here, as they say, “I got bored,” or rather … no. Panic, hysteria … well, and all that is already described above.
After some time, I realized (well, or at least it dawned on me) that there was already nothing special to save. The rest of the evening I spent in a trance between this awareness and its absence.
This post gave me the idea of creating an application that can help any cryptocurrency owner to make its ownership more secure and avoid such situations.
So, briefly, this idea can be described as “two-factor activation for crypto transactions”.
Formulating the problem
Cryptocurrency security is based on the idea that only you have access to the private key. And indeed, today it is impossible to pick up a private key, knowing the public one.
Despite this, for daily transactions, you must store the private key on your computer or smartphone. Often, hackers gain access to a private key using viruses or trojans.
To ensure safety you must follow a lot of rules. One small mistake (for example, accidentally opening a file sent by e-mail) can lead to a complete loss of all crypto assets.
In addition, you cannot verify that your private key is cracked. Some hackers can store it and control your account to get the most money.
Solution
Two-factor authorization. In order to transfer funds, you need to confirm the transaction using the Cerberus Wallet mobile application within 3–5 minutes after it got into the blockchain. When the time is up, the smart contract checks the confirmation and sends the money only if the transaction has been confirmed.
This approach significantly increases the security of a crypto wallet, since two conditions must be met to transfer money:
- Know private key
- Confirm transaction using smartphone
In addition, if you receive a notification that someone signed a transaction using your private key, it means that your private key has been hacked. Unlike a regular crypto wallet, you can cancel this transaction and then transfer your money to a secure wallet or account.
Hypothesis test
Before implementing this project, I decided to test the idea on real users and conducted an interview with my friends, and was pleasantly surprised by the reaction — most of them spoke very positively, and most importantly said that they were ready to try MVP when it was ready.
During the interview, I collected several more insights:
- It’s important that the project is open source — it’s easier to get trust
- It is important that the binding to the phone number is not used — not everyone is ready to associate themselves with wallets
- Using the email confirmed that ok — it is important that you can also receive notifications from transactions on it.
In the next article, I will talk about the development of a smart contract and why a reliable ChainLink oracle system is crucial for this solution.
Stay tuned!
All Cerberus Wallet articles:
Part 1. Concept
Part 2. Development of a smart contract and external adapter for ChainLink
Part 3. Designing a mobile application
Part 4. Backend
Part 5. Demo wallet
Part 6. Conclusion. Future of the project
About Cerberus Wallet:
Cerberus Wallet is open source project which adds two factor authentification for your crypto wallet. Even if your private key would be stolen, hacker would not be able to transfer your assets without your confirmation.
This application was designed from scratch especially for Chainlink + CoinList Hackathon.
Official site: https://cerberus.ledger-labs.com/
Video presentation: https://www.youtube.com/watch?v=4S8OyUf7cIA
If you like this project, please vote for it: https://coinlist.co/build/chainlink/projects/44b65d6e-02f3-40de-b3cc-40d905da76cf
Join Cerberus Wallet team:
CerberusWallet is an open source project. If you are interested in join the team, please contract me at t.me/@mikael_l. Together, we could create a much-needed technology and make crypto currency safer.