To maintain control over digital assets and safeguard them against online hackers, assets should be stored in self-custody wallets. These wallets provide seed phrases that must be stored securely and offline. Unfortunately, seed phrases are “a single point of failure” because they are stored in plain text format. This single copy, plain text format, exposes the owner to total asset loss through theft, damage, or loss of the seed phrases. The susceptibility to theft increases when the owner makes multiple copies to protect against damage or loss.
Xecret.io runs the seed phrase through a proprietary information dispersal algorithm (IDA) to create multiple data slices in the form of printable cryptographic QR codes. read more... Once QR codes are physically separated, the owner’s seed phrases are secure. Seed phrases are not recoverable from a single QR code because the IDA requires two or more QR codes to meet the minimum threshold for recovering the seed phrase. By incorporating the Xecret.io solution, the seed phrase ceases to be a point of failure.
Xecret.io works with all wallets that generate a seed phrase, regardless of the digital assets or chains that they support. All wallets utilize private keys to authenticate transactions, employing Single Signature, Multi-Signature, or Multi-Party Computation (MPC). Regardless of the authentication employed, Xecret.io is the most secure solution to protect the various wallets’ seed phrases.
The application is a standalone web application that can be used both online and offline. All processing related to the user's confidential information is conducted on the client side; our remote servers never come in contact with the user's confidential information (e.g., seed phrase). The only server-side process is related to account validation and credit tracking. The code is available for inspection and auditing to assure our users of its safety and correctness. Click to view a diagram of client side vs. server-side processes.
A singular QR code does not contain enough information to recover the wallet's seed phrase, rendering the QR code hackproof. This security is achieved by leveraging Private.me XOR-based Information Dispersal Algorithm (XOR-IDA) to create a set of cryptographic QR codes. Please refer to our White Paper for more information.
read more...We invite the hacking community to brute force our QR codes to recover a seed phrase stored within them. To support the effort, we are providing a bounty prize of $5,000. Please visit our Bounty page to learn more about this challenge.
The best approach to keep seed phrases secure from cybercriminals is to store them offline. When storing offline, it is critical to save multiple copies in the event that one is lost or destroyed by a natural disaster. However, keeping multiple copies increases the likelihood of one of them being stolen.
read more...Xecret.io protects against theft by encoding the seed phrase into a set of cryptography QR codes. The seed phrase cannot be recovered if a single QR code is compromised. A threshold of QR codes (chosen by the user) is required to recover the seed phrase. For example, a user could create a set of three QR codes with a threshold of two. To recover their confidential information, the user would need two of the three QR codes to access their confidential information.
The seed phrase is encoded in a decentralized framework within each QR code. Furthermore, within the framework, cryptography and redundancy are incorporated. Individuals who utilize QR codes will benefit from the offline security of a cold storage wallet with additional protection against physical loss, fire, and theft.
Instead of storing the QR codes at different locations, users may store them with different guardians. No entity or individual possessing a single QR code can recover the confidential information. Due to the decentralized state of the seed phrase, the guardian, who has access to a single QR code, will not have control or custody over the seed phrase from the wallet. This minimizes the owner's risk and reduces the guardian's responsibility. If one of the QR codes is lost or stolen, the owner can still recover that seed phrase from the other QR codes in its set.
Users can always recover their confidential information by utilizing our free public app, accessible on the Xecret.io website and independently published on GitHub.
| Solution Types | Disaster/Loss Protection | Theft Protection |
|---|---|---|
| Single Copy Stored in One Location | X | X |
| Multiple Copies Stored in Different Locations | X | |
| Online Digital Storage | X | |
| QR Codes Distributed to Different Locations |
(Stores 2,000 characters / approximately 10 - 20 wallets)
