Our Security Practices


Disclaimer: CoinVault is still in BETA; please store only small amounts in the wallet.

Web wallets

It is recommended that you diversify and hold your funds in multiple wallets.
We take security very seriously and apply strict measures to keep funds safe.

Security standards

Encryption
All network communication is done over SSL.
Secrets are encrypted using 256-bit AES.
The wallet encryption key is derived from your wallet password using PBKDF2 with a 512-bit salt and over 50k iterations.
All private keys are 256-bit and generated using a cryptographic PRNG.
We follow the guidelines recommended by OWASP.

My Private Keys
You own your keys. We do not have access to your private keys; only the user can unlock the coins, using the wallet password.
The wallet private keys are encrypted using a key we control and a key you control: your wallet encryption key, derived from the wallet password (not to be confused with the login password).
This makes cracking the wallet password very resource-intensive; it will take over a year on modern computers.
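
The two-key scheme described above, as an added example for Node.js (not CoinVault's code). The page does not state the AES mode, the PBKDF2 hash, or how the two keys are combined, so AES-256-GCM, HMAC-SHA-512 and an inner user-key layer under an outer service-key layer are assumptions, and all function names are hypothetical.

```javascript
// Added illustration; not CoinVault's implementation.
// Assumptions: AES-256-GCM, PBKDF2 with HMAC-SHA-512, user layer inside service layer.
const crypto = require('node:crypto');

const ITERATIONS = 50000; // page: "over 50k" iterations
const SALT_BYTES = 64;    // page: 512-bit salt
const KEY_BYTES = 32;     // page: 256-bit AES key

// Derive the user-controlled wallet encryption key from the wallet password.
function deriveWalletKey(password, salt) {
  return crypto.pbkdf2Sync(password, salt, ITERATIONS, KEY_BYTES, 'sha512');
}

// One AES-256-GCM layer; output layout is iv (12) || tag (16) || ciphertext.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]);
}

// Reverse of seal(); final() throws if the key is wrong or the blob was modified.
function unseal(key, blob) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
}

// Inner layer uses the key from the wallet password, outer layer the service key.
function wrapPrivateKey(privateKey, password, serverKey) {
  const salt = crypto.randomBytes(SALT_BYTES);
  const inner = seal(deriveWalletKey(password, salt), privateKey);
  return { salt, blob: seal(serverKey, inner) };
}

function unwrapPrivateKey(record, password, serverKey) {
  return unseal(deriveWalletKey(password, record.salt), unseal(serverKey, record.blob));
}

// True only when both the wallet password and the service key are correct.
function canUnwrap(record, password, serverKey) {
  try { unwrapPrivateKey(record, password, serverKey); return true; }
  catch { return false; }
}

// Constructed demo values, not real keys.
const demoServerKey = crypto.randomBytes(KEY_BYTES);
const demoRecord = wrapPrivateKey(crypto.randomBytes(32), 'constructed-wallet-password', demoServerKey);
console.log(canUnwrap(demoRecord, 'constructed-wallet-password', demoServerKey), canUnwrap(demoRecord, 'wrong-password', demoServerKey));
```

Removing the outer layer with the service key alone yields only the inner ciphertext, which still requires the password-derived key.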

Wallet backup
A wallet backup is created every time the user updates the wallet password and should be kept safe and private.
To help with recovering access to your wallet (in case you forget the wallet password) the wallet password is also encrypted with a key we control.
Never store the wallet password together with the backup keys.

Important! If you lose the backup and forget the wallet password we cannot recover your coins!

Hierarchical Deterministic Wallet

Coinvault implements the HD Wallets (hierarchical deterministic wallets) protocol as documented in BIP32 for generating deterministic child keys.
It also implements the multi-coin and multi-account hierarchy for deterministic wallets as documented in BIP43 and BIP44.
When you create the wallet, we provide a BIP39 mnemonic code, which allows you to easily import the wallet into other wallets.

Wallet Funds

We do not hold coins as credit, Coinvault is an on-chain wallet.
An on-chain wallet means transactions are sent only on the blockchain.

Security Checks

Bounty Program
Check our HackerOne page to participate or report a security bug.

Penetration testing
We use external companies to verify our security.

Issues and bugs
For any security issue, please contact us by email: support@coinvault.io

Insurance

Insuring funds stored with Coinvault will be available once we reach critical size.