A strong mindset on minimizing risk in every aspect
Safe wallet architecture
Any and all DASH held by CrowdNode is organized into three categories of storage:
- Collateral wallets
- Staging wallet
- Working wallet
Each Collateral wallet holds the DASH required to run one masternode, i.e. 1000 DASH per Collateral wallet. The Staging wallet is a buffer which holds cryptocurrency in reserve until there is enough to start an additional masternode, at which point it is transferred to a new Collateral wallet. The Working wallet is the only “hot” wallet in the system and it handles all deposits and withdrawals from CrowdNode users. The balance of the Working wallet is kept below a set limit by automatic transfer of the excess to the Staging wallet.
The Working wallet is by necessity a “hot” wallet so it lives on a hardened machine and all withdrawal requests must be manually approved for processing.
The Staging wallet and the Collateral wallets are exclusively controlled via cold storage. This means that the funds are kept on dedicated, air-gapped and ever-offline machines with redundant, encrypted backups. It also means that funds can only be moved via one of two mechanisms:
- Regular multi-signature, air-gapped signing.
- Parachute eject.
Air-gapped signing combined with Shamir’s Secret Sharing is how transactions from masternodes, and withdrawals exceeding the balance of the Working wallet, are processed. The procedure entails the 5-of-6 signing of the DASH transaction on the cold-storage machine, then encoding the signed transaction as a QR code which is transferred from the cold-storage machine via a camera to an online machine for broadcasting on the DASH network. To access the collateral, at least 3 of the 4 CrowdNode founders have to meet physically in the bank, where the remaining two fragments are stored. This ensures that no one (or two) people can conspire to steal the funds in the Collateral wallets, and that any access requires a meeting in the bank vault.
The “parachute” eject option is a security measure which only comes into use in case of severe problems. It is a pre-signed mass transaction whereby every CrowdNode member gets their balance returned to them when the transactions are broadcast to the DASH network. This serves two purposes. Firstly, it is a “dead man’s switch” for the whole CrowdNode platform, viz. in the absence of active action from the CrowdNode team every member will get their balance returned to them automatically. Secondly, it prevents coercion: if anyone from the CrowdNode team is threatened or compromised in any way, the “Ejector seat” is immediately activated so that all CrowdNode balances are sent back to the members and the funds are no longer accessible to the CrowdNode team.
Another central security element of the CrowdNode platform is the integrity of the database which stores all information about transactions and thus user balances: in other words, the CrowdNode ledger. Here we leverage the DASH blockchain itself, since everything needed to construct a complete history of CrowdNode transactions (deposits, dividends and withdrawals) and to calculate current balances for every CrowdNode member is permanently stored in the DASH blockchain. Should our internal database be compromised, the ledger is reconstructed from the public blockchain using a list of the DASH addresses of CrowdNode members and masternodes, so we keep this list as both a hard copy and a digital backup.