Tech Deep Dive: VeraWallet Security Features

VeraWallet is a simple and secure wallet to earn, buy, store and stake VRA, trusted by over 300,000 active users. But did you know that it’s also one of the most secure cryptocurrency wallets in the industry, with five years of continuous operation?

In light of recent exploits in the crypto space, the Verasity team is pleased to share our security strategies and features with our VeraWallet users. We deploy a combination of sophisticated security features, backed and audited by our expert developer team, to ensure user funds are secure at all times. In this article, we’re going to review these security features in greater detail.

We’ll start by discovering how we monitor and identify threats, before taking a closer look at how we prevent attacks, block stolen funds, and finally we’ll explore how you can stay safe in our ecosystem.

Continuous Threat Monitoring

The first step in VeraWallet’s security protocols is threat monitoring. To ensure a high level of security, VeraWallet constantly monitors a wide variety of factors to detect any suspicious activity happening within user wallets. While the exact details of these factors are intentionally kept undisclosed to prevent bad actors from finding ways to exploit the system and bypass security measures, they involve detection methods for suspicious activity such as activity analysis, frequency capping, blacklist matching, and more.

When our automated system spots any unusual or suspicious behaviour, the affected accounts are locked, and then subjected to a thorough manual review process. This involves a dedicated team of our developers who meticulously examine account activity and associated transactions to determine whether the detected behaviour poses a genuine risk, or if it’s simply a false positive.

The manual review process not only adds an extra layer of security but also helps refine the automated tracking system, by providing valuable insights and feedback. This combination of advanced automated tracking and human-led manual reviews ensures that VeraWallet offers a secure and reliable environment for users to manage their VRA — while the majority of users will never encounter an account review as these processes happen in the background.

Cold Storage and Two-Factor Authentication

One of the key security features that sets VeraWallet apart from other wallets in the space is its use of cold storage.

Cold wallets are a form of offline storage for cryptocurrencies, where tokens are stored on a device that is not connected to the internet or any other networks. This method of storage ensures that 99.9% of the time, tokens are disconnected from the network and effectively isolated from any potential attacks, such as a malicious actor looking to drain funds. This creates an additional barrier for would-be attackers, making it extremely difficult for them to access users’ funds.

When you deposit VRA into VeraWallet, it is kept in cold storage. It is not kept in a hot wallet or otherwise connected to the blockchain.

When you do come to access your VeraWallet account, you’ll also be required to enable two-factor authentication, or ‘2FA’, using a supported authentication app. 2FA is a security method used to add an extra layer of protection when accessing sensitive online accounts or services.

2FA requires two separate forms of identification (factors) to verify a user’s identity before granting access. The idea is that even if one factor is compromised (e.g., a password), it would be much harder for an attacker to gain access without the second factor. By using 2FA, you significantly reduce the risk of unauthorised access to your accounts, even if someone manages to obtain your password.

So, not only is VRA protected by cold storage solutions, but to access your wallet you’ll also need to provide authentication through 2FA.

Important Notice: You must back-up your 2FA codes in case you lose access to your 2FA app. Failure to do so could result in you being permanently locked out of your VeraWallet account unless you can provide photo ID to prove your identity.

Systems Health Monitoring

Our developer team manually addresses every incoming security threat report, no matter how small, which has led to a number of potential security vulnerabilities being identified and patched before they can be exploited.

This is in addition to regular systems health monitoring, a process that uses software tools and algorithms to automatically evaluate the security of VeraWallet and our systems.

Automated security audits and systems health monitoring are an essential component of VeraWallet’s comprehensive security strategy, as they can quickly identify and help address potential weaknesses.

Blocking of Stolen Funds

In the event of any unauthorised access or theft from other third-party wallets or exchanges that trade or hold VRA, VeraWallet has implemented an advanced smart contract system designed to automatically block stolen funds.

This feature promptly blocks any wallets found to be holding stolen VRA, ensuring the security and integrity of our entire ecosystem, and preventing these bad actors from utilising our staking ecosystem. This feature also disincentives bad-actors to steal VRA, or to move stolen VRA into our ecosystem.

Attack Resistance

VeraWallet prides itself on its attack resistance. For example, the longest DDoS attack attempt lasted for 21 days. A Distributed Denial of Service (DDoS) attack is a cyberattack where multiple computers, controlled by an attacker, flood a website or online service with a large amount of fake traffic. This overwhelms the targeted system, causing it to slow down or crash, and makes it difficult or impossible for legitimate users to access the website or service.

We successfully managed to avoid any damage during this prolonged attack, and we have protected ourselves against a multitude of other similar attack attempts that happen during our normal operation. This ensures you always have full access to your funds and our systems aren’t overwhelmed in an attempt to gain access to your wallets.

Know Your Customer (KYC) Procedures

Know Your Customer or ‘KYC’ procedures are essential for VeraWallet to confirm the identity of our users and maintain a secure, compliant environment. By collecting and verifying personal information and identification documents, VeraWallet can prevent fraud, money laundering, and other illegal activities, while ensuring compliance with regulatory requirements.

However, it can also assist us in rejecting users that are either known bad actors, have affiliations with hacking groups, or are linked to foreign adversaries and jurisdictions that are sanctioned or have a high degree of state-sponsored cyber criminality.

Wallet Withdrawal Periods

VeraWallet uses a time-delayed process to approve withdrawal requests from VeraWallet. This process, while introducing a small delay in the time it takes to move funds from VeraWallet, is one of the most important parts of our security procedures.

If a bad-actor gains access to your wallet through social engineering means, for example phishing for your password or gaining access to your email accounts, our withdrawal delay feature gives a period of time in which you could theoretically identify and prevent your wallet being drained of funds.

More importantly, however, if an attacker were to gain access to VeraWallet systems in an attempt to drain funds, there would be a delay in the withdrawal of funds to their own controlled wallet. Not only would this enable our developers to identify and block the attempt, but it also makes VeraWallet a very unattractive target for would-be attackers as they would not have immediate access to stolen funds. Therefore, our time-delayed wallet withdrawals are one of the foundations of our security features.

Mitigating Personal Risk

Unfortunately, most user losses are as a result of inadequate security measures to protect login information and safeguard your 2FA code or personal information. If funds are taken from your account through these means, there is absolutely no way for your VRA to be retrieved — even by the Verasity team.

This also applies to VRA you have sent to wallet addresses outside of the VeraWallet ecosystem. Remember, Verasity will never ask you to send us funds. Giveaways that promise you crypto, or claim to double your funds in return for sending a sum of VRA, are always a scam. Always ensure accounts you receive Verasity information on are official. Check out our links at the bottom of this article for a list of official Verasity socials.

Let’s discover some of the ways you can mitigate risk while using VeraWallet:

1. Enable two-factor authentication (2FA): 2FA is mandatory for all your VeraWallet accounts, but you should also ensure you use 2FA on related accounts such as email and exchange accounts. This adds an extra layer of security, making it more difficult for attackers to gain access.
2. Be cautious with emails and messages: Be wary of phishing emails and messages that appear to be from legitimate sources but ask for your personal information. Always double-check the sender’s email address and never click on suspicious links.
3. Use strong, unique passwords: Create complex and unique passwords for each of your accounts, and avoid reusing passwords. Consider using a reputable password manager to help you securely store and manage your passwords.
4. Regularly update software: Keep your operating system and antivirus programs up to date. This ensures you have the latest security patches and can help protect your devices from vulnerabilities, for example spyware and malware that may log or steal your personal information.
5. Verify addresses carefully: Before engaging in any cryptocurrency transactions, always verify the receiving address carefully. If you enter an incorrect address, we cannot help you retrieve your funds. They are irrevocably lost.
6. Be cautious with public Wi-Fi: Avoid using public Wi-Fi networks when accessing your VeraWallets account, as they can be insecure and expose your data to potential attackers.

Finally, make sure you always visit the real www.verawallet.com website, and ensure your connection is HTTPS encrypted — look out for the ‘lock’ icon next to the URL.

We hope this gives a comprehensive overview of VeraWallet’s leading security features! We’re proud of our track record of fund security, and we’ll continue to innovate and respond to threats as they arise.

Follow Us:

• Twitter: https://twitter.com/verasitytech
• Discord: https://discord.gg/verasity
• Reddit: https://www.reddit.com/r/verasity
• CoinMarketCap: coinmarketcap.com/community/profile/Verasity/
• Zealy: https://zealy.io/c/verasity
• Telegram Official Channel: https://t.me/VRAchannel
• Telegram Token Discussion: https://t.me/VerasityPriceChat
• Telegram Token Announcements: https://t.me/verasity
• LinkedIn: https://www.linkedin.com/company/verasity