FailSafe: Advanced Security for Digital Assets

Defense 1: de-risk Web3 Asset Positions

Before engaging with the user, the attacker has an opportunity to learn a great deal from the public ledger and to fine-tune targets of interest based on the type and value of the assets they own. From the public ledger, the attacker’s bot can compile a list of addresses and the corresponding tokens they own on selected EVM blockchains, customising the attack as needed.

On the flip side, during this phase the user has a chance to de-risk by moving the majority of owned assets entirely beyond the attacker’s reach. When the user enrols in the FailSafe automated cold storage feature, the vast majority of assets are re-balanced so that they are owned by a wallet address of the user's that does not partake in regular Web3 transactions.

Just as importantly, FailSafe is designed to maintain this security posture over time. With little to no imposition on the user, FailSafe automatically maintains the asset balance ratio between the hot and cold wallets, subject to the user's high-level instructions. Access to cold storage is safeguarded by a multi-signature contract. The corresponding private keys are protected under a unique orchestration of Nitro Enclaves and Google’s Confidential Compute with cloud hardware security modules (HSM), and the design is intended to withstand insider threat or compromise. Figure 1 illustrates the overall architecture, which is described in more detail in a later section.
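The hot/cold balance maintenance described above can be sketched as a planning function. This is an added example, not FailSafe's code: the `Policy` fields, the `Action` type, the tolerance band and the sample balances are all hypothetical, and it assumes that sweeps into cold storage can be automated while any movement out of cold storage goes through the multi-signature approval.

```python
from dataclasses import dataclass
from fractions import Fraction

@dataclass(frozen=True)
class Policy:                 # hypothetical user instruction
    hot_ratio: Fraction       # share of each token kept in the hot wallet
    tolerance: Fraction       # drift (as share of total) ignored to avoid churn

@dataclass(frozen=True)
class Action:
    token: str
    direction: str            # "sweep_to_cold" or "request_top_up"
    amount: int               # token base units, never floats
    needs_multisig: bool      # assumption: leaving cold storage needs co-signers

def plan_rebalance(hot, cold, policy):
    """Return the transfers that bring each token back to the target ratio."""
    actions = []
    for token in sorted(set(hot) | set(cold)):
        h, c = hot.get(token, 0), cold.get(token, 0)
        total = h + c
        if total == 0:
            continue
        # Floor division: any rounding remainder stays in cold storage.
        target = total * policy.hot_ratio.numerator // policy.hot_ratio.denominator
        if abs(Fraction(h - target, total)) <= policy.tolerance:
            continue
        if h > target:
            actions.append(Action(token, "sweep_to_cold", h - target, False))
        else:
            actions.append(Action(token, "request_top_up", target - h, True))
    return actions

# Constructed sample balances in base units (USDC: 6 decimals, others: 18).
HOT = {"USDC": 9_000 * 10**6, "WETH": 10**17, "DAI": 50 * 10**18}
COLD = {"USDC": 1_000 * 10**6, "WETH": 99 * 10**17, "DAI": 950 * 10**18}
POLICY = Policy(hot_ratio=Fraction(1, 20), tolerance=Fraction(1, 100))

if __name__ == "__main__":
    for a in plan_rebalance(HOT, COLD, POLICY):
        print(a)
```

With the sample policy (5% hot, 1% tolerance), the over-exposed USDC balance is swept to cold storage, the under-funded WETH balance produces a top-up request that needs co-signers, and DAI is already on target.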
