To maintain control over digital assets and safeguard them against online hackers, assets should be stored in self-custody wallets. These wallets provide seed phrases that must be stored securely and offline. Unfortunately, seed phrases are “a single point of failure” because they are stored in plain text format. This single copy, plain text format, exposes the owner to total asset loss through theft, damage, or loss of the seed phrases. The susceptibility to theft increases when the owner makes multiple copies to protect against damage or loss.
Xecret.io runs the seed phrase through a proprietary information dispersal algorithm (IDA) to create multiple data slices in the form of printable cryptographic QR codes. read more... Once QR codes are physically separated, the owner’s seed phrases are secure. Seed phrases are not recoverable from a single QR code because the IDA requires two or more QR codes to meet the minimum threshold for recovering the seed phrase. By incorporating the Xecret.io solution, the seed phrase ceases to be a point of failure.
Xecret.io is compatible with any wallet that generates a seed phrase, regardless of the digital assets, chain, or authentication method (Single Signature, Multi-Signature, or Multi-Party Computation). Xecret.io is the most secure way to protect the wallet's seed phrase.
The application can run both online and offline in a trustless environment. All processing related to the user's confidential information is conducted on the client side; our remote servers never come in contact with the user's confidential data (e.g., seed phrase). The only server-side process is related to account validation and credit tracking The code is available for inspection and auditing to assure our users of its safety and correctness. Click to view a diagram of client side vs. server-side processes.
A singular QR code does not contain enough information to recover the wallet's seed phrase, rendering the QR code hackproof. This security is achieved by leveraging Private.me XOR-based Information Dispersal Algorithm (XOR-IDA) to create a set of cryptographic QR codes. Please refer to our White Paper for more information.
read more...We invite the hacking community to brute force our QR codes to recover a seed phrase stored within them. To support the effort, we are providing a bounty prize of $5,000. Please visit our Bounty page to learn more about this challenge.
The best approach to keep seed phrases secure from cybercriminals is to store them offline. When storing offline, it is critical to save multiple copies in the event that one is lost or destroyed by a natural disaster. However, keeping multiple copies increases the likelihood of one of them being stolen.
read more...Xecret.io protects against theft by encoding the seed phrase into a set of cryptography QR codes. The seed phrase cannot be recovered if a single QR code is compromised. A threshold of QR codes (chosen by the user) is required to recover the seed phrase. For example, a user could create a set of three QR codes with a threshold of two. To recover their confidential information, the user would need two of the three QR codes to access their confidential information.
Typical offline storage of a seed phrase relies on the user writing it down on paper. This single, unencrypted copy uses a centralized storage model and exposes the owner to loss, fire, and theft.
Xecret.io solves these problems by using an offline decentralized storage model. Users keep several encrypted QR codes in various locations. A single QR code cannot recover a wallet's seed phrase because it lacks sufficient data, making them hack-proof while also protecting against loss and fire. The decentralized storage model provides the user with far greater security.
Instead of storing the QR codes at different locations, users may store them with different guardians. No entity or individual possessing a single QR code can recover the confidential information. Due to the decentralized state of the seed phrase, the guardian, who has access to a single QR code, will not have control or custody over the seed phrase from the wallet. This minimizes the owner's risk and reduces the guardian's responsibility. If one of the QR codes is lost or stolen, the owner can still recover that seed phrase from the other QR codes in its set.
Users can always recover their confidential information by utilizing our free public app, accessible on the Xecret.io website and independently published on GitHub.
| Solution Types | Disaster/Loss Protection | Theft Protection |
|---|---|---|
| Single Copy Stored in One Location | X | X |
| Multiple Copies Stored in Different Locations | X | |
| Online Digital Storage | X | |
| QR Codes Distributed to Different Locations |
(Stores 2,000 characters / approximately 10 - 20 wallets)
