Security confirmation

Hello, why can I withdraw without any other steps like email confirmation?

Nash is a non-custodial wallet – this would be similar to Exodus requiring e-mail confirmation even though it’s a user-owned hot wallet. E-mail confirmation for transactions are typically a feature of centralized wallets. I’m not aware of non-custodial solutions that have this feature?

For maximum security though, you can always enable the MPC policy which blocks external withdrawals:

When you withdraw funds with the policy enabled, you get this window:

Note that this disables the policy globally, meaning after your withdrawal you’ll need to re-enable the policy.

Future MPC policies slated for development include whitelisted addresses, if I’m not mistaken. This should allow withdrawals to certain addresses without the need to disable the policy account-wide.

4 Likes

I don’t understand what it has to do with it. I could have a Trojan right now. The fact that Nash is non-custodial does not prevent from withdrawing funds from my wallet.

Just LOL

This solution is not very comfortable.

Why is that? It disables withdrawals, even if a hacker has access to your Nash account. The only way a withdrawal can happen is if they have 1) your password 2) your 2FA and 3) access to your e-mail. That’s pretty safe.

2 Likes

I assume you are on mobile. Desktop does not require email confirmation. There is probably some extra security layer for every device used to ensure the safety of one’s funds, with or without MPC. Maybe a future update will allow it to be toggled off for select users if that is much desired.

1 Like

Nash will be adding policies like this using their MPC technology, for now the only MPC policy is the complete lock of everything. I’d like to see wallet address whitelist and ip address whitelist with email confirmation similar to what can be done on Binance. Hopefully it’s coming soon.

1 Like

Imagine doing 3 or 4 transactions a day. I have to disable and activate every time.

Agreed – it’s a better long-term ‘hodl’ solution. I mentioned address whitelisting though which is on the horizon, that will solve the issue for most people. Keep your :eyes:s peeled!