EvoNodes Weekly 3–21–19
You all have seen me around right? My name is Tech, and I am the one that stubbornly points you to the #help-desk every time you have a question ;)
I have kidnapped Smokey, locked him in a closet, and I am officially taking over this week’s EvoNodes Weekly! Muahahaha! No seriously, Smokey is fine and he is safe at home (I assume), but this week’s topic is more in my wheelhouse, so let’s get to it shall we?
This week we would like to elaborate on our security setup, and explain why we believe, we have the most advanced security setup of any shared masternode service out there. Do not get me wrong, we do not think that we are invulnerable, however, we continue to improve on our security in an attempt to always be a step ahead of our competition, after all, this IS EVOlution!
Let’s start with our basic setup. We run 5 servers, one server that runs our website and dashboard, a database server, a deposit server for all your unique addresses, a Proof of Stake server and an application server that updates all the values within our platform.
All off these online platform servers are on their own private network, and they can only communicate with each other if they are on this private network.
Next I want to walk you through all the steps that the platform will go through when you as a user will deposit your coins, back to withdrawing them.
So let’s say that you decide to deposit some coins on our platform. You choose your coin, join the pool for that coin, and then you will be assigned a deposit address. These are full blockchain addresses running in a hot wallet. There will always be a small part of a system that needs a hot wallet, because manually processing thousands of transactions per day is not something you want to be doing by hand. (Trust us! xD)
The biggest flaw that we saw with other services, is that they have a big part of their user’s portfolios held in hot wallets in order to provide instant withdraws. We see this as a huge security risk. We understand the attraction of Instant Withdraws, but we find that security is more important overall. Therefore, we only keep a very small amount of coins in hot wallets to accommodate small withdraws. All coins are moved from hot to cold wallets when they hit a certain threshold, usually when a hot wallet hits 100 coins or so, or less for more expensive coins, the coins are moved automatically.
The hot wallet sends the coins to a cold wallet, these are the same wallets that we use for staking. This is where our cold wallet setup comes into play. This is a wallet file with only 1 address in it, that we use for staking, and sending coins to masternode addresses. This wallet is encrypted with a 256 Bits wallet passphrase. This wallet runs with staking only activated on the proof of stake server. Which is a local machine, only accessible through my private network. All wallets on this server are fully contained within their own environment. These wallets do not have any access to other wallets. And therefore, no malicious wallet will ever be able to drain the funds from other wallets. The containers are protected by Microsoft Azure Active Directory with 2FA enabled.
Masternodes addresses are separate from the staking wallet, and are located in another cold wallet on another local machine, located on another subnet than the staking server, to fully isolate both from each other. This machine has the same level of protection as our staking server. All wallets are fully contained within their own environment, have a 256 bits and also protected by Microsoft AAD with 2FA. These wallets are used for setting up the masternodes, and sending coins to the staking wallet in order to provide optimal staking rewards for hybird MN/PoS pools.
The masternodes wallet only has to be run when sending coins to the staking wallet, a masternode/s needs to be setup, or destroyed in order to accommodate a users withdraw.
So lets say you as a user requests a withdraw, this is the process I go through before the coins will be send to you.
I will open up the proof of stake server and open up the container that has the correct wallet for the withdraw. I will send the coins from this wallet to our deposit wallet that will send the coins to the address you requested. The wallet will then be opened again for staking only.
If there are not enough coins in the Proof of Stake wallet, I will open up the masternode wallet container, break a masternode, and send the coins to the proof of stake address, which then will be used to send the coins to the deposit address for further processing. Any leftover coins will then automatically begin staking again.
All machines have Bitdefender enterprise security software installed, this has been configured by me, to even prevent me, from sticking an USB stick into my own machine, that I have right here next to me. All local machines have been protected on a hardware level with the Trusted Platform Module combined with Bitdefender decryption key that is embedded on the motherboard to prevent hardware changes from taking place.
So even if you would physically steal the machine, you will not be able to access any files unless you have my 256 Bits AES decryption key. All our decryption keys ( wallets and all other services ) are unique, not a single key is reused for any other wallet or service.
The cold wallets are 100% disconnected from our platform, we run all our queries for masternode status, rewards for masternodes and stakes from the blockchain itself. So even the full Evonodes platform, does not have access to the cold wallets.
This is only the broad explanation of our setup. There are a lot more details that further strengthen the security of our platform, as well as to help prevent user errors. We are adding new security checks and features almost daily, but that will require a full whitepaper to explain :D
I hope with this info, you will get a better understanding on what we feel is a pretty “decent” security setup. We will be migrating to even heavier security layers in the near future, one of them being full multisignature wallets created on a sandboxed, air-gapped machine. Another is full paper backups, in a security vault, in case something would happen to us, so that a legal entity (lawyers, ect.) will have access to the funds so that they may be returned to their rightful owners!
Before I go I want to share with you this lovely graph we have put together to give a visual to the statistics we post each week.
Active Users: 739
Discord Members: 842
Masternodes Online: 782
If I decide to let Smokey out of this closet, he will be back next week for another EvoWeekly! xD Until then, have a great week, and Happy Staking!