GRVT Security Series (Part 2: Detailed Description of Security Layers)

2024-02-23 17:15:01
The hybrid exchange model of GRVT not only combines the advantages of CeFi and DeFi but also integrates the benefits of Web2 and Web3.

Many people around the world fall victim to cryptocurrency scams and phishing attacks. At GRVT, we are not unfamiliar with these either. That’s why, in addition to Web3 self-custody trading, we have integrated standard Web2 protections into our hybrid exchange.

On top of the typical security model of most DeFi projects, we are building an additional Web2 security layer that is familiar and easy to use.

In Part 2 of the GRVT Security Series, we will learn about the traditional security controls integrated into the platform.

If you missed Part 1 of our security architecture overview, check it out here.

Incorporating Web2 Security

GRVT's hybrid exchange model not only combines the advantages of CeFi and DeFi but also merges the benefits of Web2 and Web3.

Specifically, our Web2 security controls involve the following key elements:

User Login and 2FA

Wallet Whitelisting

This second, Web2 security layer is what makes centralized exchanges (CEXs) so effective at protecting funds. Even if an attacker finds a potential smart contract vulnerability on our fully private Layer 2 chain, they would still need to compromise our backend network before they could exploit it.

So, what is the importance of this Web2 security layer?

Scenario: User Private Key Leakage

The most common form of compromise in the crypto space is the leakage of a user's private key or of a signature the user has produced.

Phishing attacks targeting user signatures typically operate as follows:

The attacker creates a fake website, such as grvt.exchange
The attacker announces an upcoming downtime, urging users to withdraw their funds
The user signs a withdrawal message, unknowingly authorizing a transfer to the attacker's wallet
The attacker submits that signature on the real site to steal the user's funds

This attack vector applies to every DeFi application. GRVT, however, adds two further protective controls on top of its security infrastructure to mitigate this risk.

User Login and Two-Factor Authentication (2FA)

To submit transaction signatures on GRVT, users need to log in using their email and password. While 2FA is optional, it significantly reduces the risk of compromise.

If your signature is leaked, the attacker faces a much harder task. To submit a phished signature, they also need your login credentials (easy to phish) and your 2FA code (much harder to phish).

Wallet Whitelisting

Our system enhances the security of fund withdrawals by restricting transfers to pre-approved or "whitelisted" wallets.

A whitelist or allowlist is a cybersecurity strategy that approves specific entities, such as email addresses, IP addresses, domain names, or applications, while denying all others. IT teams use whitelisting as a quick and simple way to help protect networks from potentially harmful threats. When a destination or application is whitelisted, it is considered safe, and access is granted only to the approved destination or application.

For individual traders on GRVT, the process of whitelisting a wallet and withdrawing funds is straightforward:

Complete your 2FA

Sign the whitelisting transaction

This is an additional safeguard for the case in which your account is compromised. If an attacker gains access to your GRVT account, your funds can only be transferred to your whitelisted wallet, so they cannot be sent anywhere else. Most decentralized exchanges (DEXs) do not offer this mechanism, because their design does not accommodate arbitrary restrictions.
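To make the gating concrete, here is an added example (not GRVT's own code) that models the backend checks behind the phishing scenario and the two controls described above: a withdrawal signature, even a valid one, is only honoured from a session that has passed login and 2FA, and only to a whitelisted destination. Everything in it is hypothetical: Session and Account are a toy model, HMAC-SHA256 stands in for the wallet signature (a real exchange would verify an ECDSA/EIP-712 signature instead), and the keys and addresses are constructed.

```python
import hashlib, hmac
from dataclasses import dataclass, field

@dataclass
class Session:  # Web2 state the backend holds for one browser session (hypothetical model)
    password_verified: bool = False
    twofa_verified: bool = False

@dataclass
class Account:
    signing_key: bytes  # constructed stand-in for the user's wallet key
    allowlist: set = field(default_factory=set)

def sign(key: bytes, message: str) -> str:
    # Stand-in for the wallet signature: HMAC-SHA256 over the canonical message.
    return hmac.new(key, message.encode(), hashlib.sha256).hexdigest()

def whitelist_wallet(acct: Account, s: Session, dest: str, sig: str) -> str:
    # Steps from the text: complete 2FA, then sign the whitelisting message.
    if not (s.password_verified and s.twofa_verified):
        return "rejected: 2FA required"
    if not hmac.compare_digest(sign(acct.signing_key, f"whitelist:{dest}"), sig):
        return "rejected: bad signature"
    acct.allowlist.add(dest)
    return "ok"

def submit_withdrawal(acct: Account, s: Session, dest: str, amount: int, sig: str) -> str:
    # Backend gate: a valid withdrawal signature alone never moves funds.
    if not hmac.compare_digest(sign(acct.signing_key, f"withdraw:{dest}:{amount}"), sig):
        return "rejected: bad signature"
    if not s.password_verified:
        return "rejected: login required"
    if not s.twofa_verified:
        return "rejected: 2FA required"
    if dest not in acct.allowlist:
        return "rejected: destination not whitelisted"
    return "ok"

def phishing_scenario() -> dict:
    # Constructed replay of the scenario above: the user was tricked into signing a withdrawal to 0xATTACKER.
    acct = Account(signing_key=b"constructed-user-key")
    owner = Session(password_verified=True, twofa_verified=True)
    whitelist_wallet(acct, owner, "0xUSER", sign(acct.signing_key, "whitelist:0xUSER"))
    phished = sign(acct.signing_key, "withdraw:0xATTACKER:1000")
    return {
        "no_session": submit_withdrawal(acct, Session(), "0xATTACKER", 1000, phished),
        "password_only": submit_withdrawal(acct, Session(password_verified=True), "0xATTACKER", 1000, phished),
        "full_session": submit_withdrawal(acct, owner, "0xATTACKER", 1000, phished),
        "legit": submit_withdrawal(acct, owner, "0xUSER", 1000, sign(acct.signing_key, "withdraw:0xUSER:1000")),
    }
```

Each entry of the returned dict is one layer stopping the phished signature; only the owner's own withdrawal to the whitelisted wallet passes.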

What’s Next

As the cryptocurrency space continues to grapple with fraud and phishing threats, GRVT takes a proactive and comprehensive approach to protecting our users. Integrating standard Web2 protections into our hybrid exchange marks an important step forward, setting us apart from other CEXs and DEXs.

In the next part of the GRVT Security Series, we will explore the elements included in the Web3 security layer.
