Security

Mr_Belfort · May 22, 2020, 9:14am

Love the mobile wallet! especially the tranfer of funds has become less cumbersome in comparison to other options. A question regarding security:

Most exchanges require a extra security check when withdrawing. Next to 2FA and password you also need to confirm the action via an emailed link. Also you get a reminder when a correct login has been performed. Is this something that has been ommited on purpose?

NJB · May 22, 2020, 9:16am

I suppose there is always a balance between security and convenience. I personally find the email confirmation a bit too much. I’m not sure which other exchanges you’re using, but that is usually used for confirming withdrawals on exchanges that I use.

Mr_Belfort · May 22, 2020, 9:18am

Deribit mostly… and Nash for spot offcourse

chris.fenwick · May 22, 2020, 9:22am

It seems like you’re thinking of Nash like a centralized exchange where you deposit funds. That’s a mistake. Nash is non-custodial and works very differently, and has a much more robust security profile.

Think of Nash as a blockchain wallet combined with a secure, non-custodial trading system.

Your personal account is a normal blockchain wallet. Sending funds from it works like sending funds from any other wallet, which doesn’t involve an email confirmation step. You can use this wallet to store all your assets. It’s not a place you “deposit” them to in order to use the exchange.

The trading contracts for the exchange cannot send funds to any address. They can only be withdrawn back to your personal wallet.

Mr_Belfort · May 22, 2020, 10:03am

Understood the non custodial part, and when comparing it to a blockchain wallet your point makes sense. Funny, I have been supporting Nash since the beginning and I’m in the blockchain space since 2013. Still it is difficult to place Nash exactly on the “blockchain evolution ladder” .

chris.fenwick · May 22, 2020, 10:07am

Just quickly regarding your other questions:

There’s a login tracking system in the works. I’m not sure exactly whether email confirmations will be involved, but you’ll be able to see login history with device, IP, etc.
When MPC is adapted for user wallets you’ll be able to whitelist addresses from your personal account. For more info: https://blog.nash.io/nash-launches-decentralized-api-keys/

Mr_Belfort · May 22, 2020, 10:10am

Thanks for the clarification!

Garda · March 18, 2021, 8:21am

How would Nash handle the DNS attack that was performed on the Pancake swap? Is Nash more secure than Pancake under the same circumstances, and if so, why?