Automata Network
Published in Automata Network

Not your 2FA, not your coin

There is nothing more certain in crypto than the next exploit waiting to happen.

Shocking headlines somehow feel bizarrely routine. At this point, the cost of doing business starts to feel more like an inevitable risk. There is a whole industry built on post-mortem reports, with its rotation of industry-specific jargon to explain what went wrong, and on code reviews for when exploits eventually occur. What happens when code is used as it’s written, but not as it’s intended?

No protocol is 100% safe

Private keys can be stolen. Or compromised via a backdoor. Bridge hacks threaten the very ecosystem they support with the possibility of leaked keys. These scenarios have resulted in hundreds of millions of dollars being drained from the coffers of public blockchains and user funds.

If the idea of granting pre-approval for a smart contract to access any amount of your coin doesn’t ring alarm bells, perhaps the tale of a certain Jhon Doe will: he woke up one morning to discover half of his UNI tokens missing. Infinite approval meant that predators made quick work of transferring funds without him ever signing a transaction. Much of the problem is that users grant approval without properly understanding the risks they’re exposed to, as previously encountered by Bancor and Multichain.
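An added example (not from the original article or from Automata's code): a small audit over ERC-20 `Approval` event logs that lists the unlimited allowances still in force for a wallet, which is the exposure described above. The addresses and sample logs are constructed, the log fields are assumed to be already converted to integers where shown, and treating any value at or above 2**255 as unlimited is an assumption.

```python
# keccak256("Approval(address,address,uint256)"), the ERC-20 Approval event topic
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1
UNLIMITED_THRESHOLD = 2**255  # assumption: at or above this counts as "unlimited"

def topic_to_address(topic):
    """An indexed address is left-padded to 32 bytes; keep the last 20 bytes."""
    return "0x" + topic[-40:].lower()

def open_unlimited_approvals(logs):
    """Return {(token, owner, spender): allowance} for unlimited approvals
    that were not later lowered or revoked by a newer Approval event."""
    latest = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-721 shares this signature but indexes tokenId, giving 4 topics.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        key = (log["address"].lower(),
               topic_to_address(topics[1]), topic_to_address(topics[2]))
        latest[key] = int(log["data"], 16)  # each new approval overwrites the old
    return {k: v for k, v in latest.items() if v >= UNLIMITED_THRESHOLD}

# --- Constructed sample data (placeholder addresses, not real contracts) ---
TOKEN, OWNER = "0x" + "11" * 20, "0x" + "aa" * 20
ROUTER, VAULT, SHOP = "0x" + "bb" * 20, "0x" + "cc" * 20, "0x" + "dd" * 20

def _log(block, index, spender, value):
    pad = lambda addr: "0x" + addr[2:].rjust(64, "0")
    return {"address": TOKEN, "blockNumber": block, "logIndex": index,
            "topics": [APPROVAL_TOPIC, pad(OWNER), pad(spender)],
            "data": "0x" + format(value, "064x")}

SAMPLE_LOGS = [
    _log(105, 0, VAULT, 0),             # revokes the VAULT approval below
    _log(100, 0, ROUTER, MAX_UINT256),  # infinite approval, never revoked
    _log(101, 2, VAULT, MAX_UINT256),   # infinite approval, revoked at block 105
    _log(106, 1, SHOP, 500 * 10**18),   # bounded approval, not flagged
]

if __name__ == "__main__":
    for (token, owner, spender), value in open_unlimited_approvals(SAMPLE_LOGS).items():
        print(f"token {token}: {owner} still grants an unlimited allowance to {spender}")
```

Each flagged spender can move the owner's whole balance of that token without a further signature; approving the same spender for an amount of 0 revokes it.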

The strange, whirlwind experiment that is blockchain is also not immune to social engineering attacks, as some unfortunate NFT owners discovered after falling victim to a phishing scam and taking to Twitter to air their woes of having their NFTs stolen.

Rethink the status quo

Above, we have given real-world examples to show how either end of the spectrum, an over-reliance on code or on human action, can lead to suboptimal outcomes. What’s an effective implementation that balances the two, and is simple to understand?

All sorts of applications today, from online banking to exchanges such as Kraken, recommend using 2FA for an added layer of account security. But it is no easy task to enable support for 2FA verification on public chains. Principal among the difficulties is the security of the secret seed, which has to be based on the strongest security guarantees for the 2FA to work as a digital security measure.

That’s exactly what we are doing with 2FA Guru.

The last line of defence

2FA Guru is EVM-compatible and integrates with dApps across the full spectrum of security assumptions, from storage of 2FA secret seeds, to calculating 2FA verification and generation of the 2FA signature proof.

Its fully secure and shielded design affords users precious peace of mind — attackers simply cannot squirrel away their assets even in the case of losing private keys, careless user authorization, or commonplace phishing scams. 2FA Guru fits seamlessly into users’ workflow by working together with tools and managers such as 1Password, LastPass, and more.

You’ve heard about 2FA. Now meet 2FA Guru, and join the likes of zkSync, Polygon Studios and Celer Network as its first users.

About Automata

Automata Network is a decentralized service protocol that provides middleware-like traceless privacy services for dApps on Ethereum and Polkadot to achieve privacy, high assurance, and frictionless computation.
