How we’re making Newton secure

Dustin Walper
May 15, 2018 · 6 min read

Newton is Canada’s first commission-free cryptocurrency brokerage. In this article, we’ll explore some of the techniques we’re using to keep our users’ funds safe.

From the always-relevant XKCD

Storing the private keys for large amounts of cryptocurrency on behalf of users can quickly make you a target. And not just to Russian hackers — robbery attempts (e.g. the $5 wrench technique) are not uncommon.

It’s a responsibility we take very, very seriously.

While for obvious reasons I won’t describe our entire security protocol, I’d like to highlight a few of the things we’re doing to make Newton secure to all kinds of attacks — whether they be electronic, social engineering, or physical.

Security isn’t all-or-nothing. Instead, it involves recognizing potential risks, understanding their severity, and finding a balance between rock-solid security and good user experience.

NB: I’ve taken some liberties to simplify the language in this post in the interests of accessibility — when I say ‘account’, this could mean either Ethereum-style accounts, or it could mean Bitcoin addresses.

Cold Storage — Easy to say, hard to do

In the early days of cryptocurrency, many exchanges did a stupid thing — they put private keys on servers connected to the internet. Like the combination to a safe, private keys allow the holder to unlock and spend any funds “stored” in a particular account.

Unsurprisingly, storing private keys on internet-connected servers resulted in a lot of pain — by exploiting vulnerabilities, hackers located thousands of miles away from these servers were able to make off with hundreds of millions of dollars worth of cryptocurrency.

It has become common practice today to store private keys in “cold storage”, meaning completely disconnected from the internet. But how does this work in practice? Here’s how we do it:

  1. Generate private keys offline and keep them there. A private key is really just a long, unguessable random number (usually written out as a string of letters and digits). Thanks to the mathematical properties of public-key cryptography, a private key need never touch the internet — it can even be kept entirely on paper. It is then used for two things: a) to derive the public addresses you use to receive funds, and b) to sign transactions that spend those funds.

In practice, while most funds are stored in cold storage, we keep extremely small amounts in internet-connected wallets so users can withdraw crypto without manual intervention. We operate under the assumption that these funds are vulnerable, and should never be worth enough to be catastrophic if stolen.

Oh, and we never, ever store private keys in our office (I’m looking at you, would-be attackers).

Protecting User Accounts

What if an attacker is simply able to sign in as a user and request a withdrawal of their funds?

Fundamentally, our choice to go mobile-first with Newton was driven by security considerations — mobile devices, and iPhones in particular, have better security features than most PCs. Apple’s Secure Enclave, for example, is a dedicated hardware chip offering rock-solid security not found in most laptop or desktop computers. Paired with TouchID or FaceID, it’s possible to store sensitive information in a way that’s extremely difficult to compromise (even by the FBI).

We do a couple of things to make account hijacking difficult:

  1. Two-factor authentication. Two-factor authentication pairs something you know, your password, with something you have, your phone. It ensures that someone else can’t log in to your account without also having physical access to the phone. This is a critical feature in an era of bulk password theft and one we make mandatory on all Newton accounts.

Because information security is a moving target with new vulnerabilities being discovered all the time, this is an evolving process — we’re constantly thinking about all of the ways smart hackers might try to compromise our security.

There is no such thing as a “perfectly secure” service, and so wherever possible we also think about how to store less information so there is less to compromise in the event of a successful attack.

Parting Notes

This is by no means an attempt to extensively document our procedures and protocols — merely to offer a glimpse.

We welcome any and all feedback and suggestions on things we can do to improve our security. Our belief is that great security and great UX can and should go hand-in-hand.

Oh, and if you made it this far: our first round of beta invites will be showing up in inboxes within the next 10 days! Mwah.

Stay tuned.
