# Neovestor Security Architecture

### **User Wallet Security**

**Tool**: **Web3Auth** (MPC + MFA + Social Logins)\
**Objective**: Secure, user-friendly wallet creation and authentication.

* **Seed Phrase-Free Design**:
  * Eliminates seed phrase vulnerabilities (e.g., phishing, loss) using **Multi-Party Computation (MPC)**. Private keys are split across devices/networks.
* **Multi-Factor Authentication (MFA)**:
  * Requires **two or more factors** (e.g., Google Authenticator, biometrics, email) for wallet access.
* **Social Logins**:
  * Users onboard via Google, Apple, or Discord, simplifying access while maintaining security.
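The threshold key custody behind the seed-phrase-free design, as an added illustration that is not Web3Auth's own code: a key scalar is split into 3 shares so that any 2 reconstruct it while any single share reveals nothing. This uses Shamir secret sharing as a simplification of the MPC/threshold schemes the page names; the modulus and share counts are assumptions.

```python
# Added illustration of threshold key custody: a secret (a hypothetical key
# scalar) is split into 3 shares; any 2 rebuild it, any 1 alone is useless.
# Shamir secret sharing is used here as a stand-in for the MPC/threshold
# protocol the page describes; it is not Web3Auth's implementation.
import secrets
from typing import List, Tuple

# Prime modulus for share arithmetic: the secp256k1 group order, chosen so a
# 256-bit key scalar fits (assumption; any prime larger than the secret works).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def split_secret(secret: int, threshold: int, shares: int) -> List[Tuple[int, int]]:
    """Split `secret` into `shares` points on a random degree-(threshold-1) polynomial."""
    if not 0 <= secret < P or not 1 < threshold <= shares:
        raise ValueError("bad parameters")
    # Constant term is the secret; remaining coefficients are uniformly random.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    points = []
    for x in range(1, shares + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of the polynomial mod P
            y = (y * x + c) % P
        points.append((x, y))
    return points


def recover_secret(points: List[Tuple[int, int]]) -> int:
    """Lagrange-interpolate the polynomial at x=0 from `threshold` distinct shares."""
    xs = [x for x, _ in points]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        # Multiply by the modular inverse of the denominator (Python 3.8+).
        total = (total + yi * num * pow(den, -1, P)) % P
    return total
```

Fewer than `threshold` shares do not raise; they interpolate a random-looking wrong value, which is the property that makes a single stolen device share worthless.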

***

### **Cold Storage & Asset Custody**

**Tool**: **Ledger Enterprise**\
**Objective**: Protect institutional and user funds in offline vaults.

* **Cold Vaults**:
  * 90%+ of assets stored offline in Ledger’s HSM (Hardware Security Module) devices.
* **Multi-Signature Approvals**:
  * Critical withdrawals require **3/5** signers from geographically dispersed custodians.
* **Audit Trails**:
  * All vault transactions logged on-chain and monitored in real time.

***

### **Treasury & Protocol Governance**

**Tool**: **Squads Protocol** (Solana Multi-Sig)\
**Objective**: Secure management of protocol funds and upgrades.

* **Multi-Signature Wallets**:
  * Treasury transactions require **3/5** approvals from core team and DAO delegates.
* **Programmable Policies**:
  * Time-locked transactions for governance proposals (e.g., 72-hour delay before execution).
* **Solana Integration**:
  * Native support for SPL tokens and seamless interaction with Solana programs.
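The approval policy described in this section and in the Ledger cold-storage section above, as an added model that is not Squads Protocol's or Ledger's own code: a proposal executes only with approvals from 3 of 5 distinct authorized signers and only after the 72-hour time-lock. The signer set, the proposal fields and the function names are assumptions for illustration.

```python
# Added model of the page's treasury policy: 3-of-5 distinct authorized
# approvals AND a 72-hour time-lock before execution. Signer names, the
# proposal shape and the function names are assumptions; this is not
# Squads Protocol's own code.
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

SIGNERS = {"alice", "bob", "carol", "dave", "erin"}  # constructed 5-member signer set
THRESHOLD = 3                                          # 3/5 approvals
TIMELOCK = timedelta(hours=72)                         # delay before execution


@dataclass
class Proposal:
    proposal_id: str
    amount: int
    created_at: datetime              # timezone-aware creation time
    approvals: set = field(default_factory=set)  # set => duplicates collapse
    executed: bool = False


def approve(p: Proposal, signer: str) -> None:
    """Record an approval; unauthorized signers are rejected, repeats are ignored."""
    if signer not in SIGNERS:
        raise PermissionError(f"{signer} is not an authorized signer")
    p.approvals.add(signer)


def execution_status(p: Proposal, now: datetime) -> str:
    """Return 'executable', or the first policy gate that still blocks execution."""
    if p.executed:
        return "already executed"
    if len(p.approvals) < THRESHOLD:
        return f"needs {THRESHOLD - len(p.approvals)} more approval(s)"
    unlock_at = p.created_at + TIMELOCK
    if now < unlock_at:
        return f"time-locked until {unlock_at.isoformat()}"
    return "executable"


def execute(p: Proposal, now: datetime) -> bool:
    """Execute only when every gate passes; returns True on success, False otherwise."""
    if execution_status(p, now) != "executable":
        return False
    p.executed = True  # mark spent so a second execution is refused
    return True
```

Note that the same signer approving twice still counts once, so a single compromised key cannot satisfy the threshold on its own.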

***

### **Data Encryption & Network Security**

**Tool**: **SSL/TLS with AES-256**\
**Objective**: Protect data in transit and at rest.

* **End-to-End Encryption**:
  * All user data (KYC documents, transaction histories) encrypted with **AES-256**.
* **SSL/TLS Certificates**:
  * APIs and web interfaces served over HTTPS, with HSTS (HTTP Strict Transport Security) enforced.
* **Key Management**:
  * AWS Key Management Service (KMS) for rotating encryption keys.

***

### **Cloud Infrastructure Security**

**Tool**: **AWS Cloud**\
**Objective**: Enterprise-grade security for backend infrastructure.

* **Network Security**:
  * VPC (Virtual Private Cloud) isolation, WAF (Web Application Firewall), and DDoS protection via AWS Shield.
* **Access Control**:
  * **AWS IAM** with role-based permissions and MFA for admin accounts.
* **Monitoring & Logging**:
  * **AWS CloudTrail** for audit trails and **GuardDuty** for threat detection.
* **Disaster Recovery**:
  * Multi-region backups and automated failover via AWS S3 and RDS.

***

### **Security Workflow Integration**

```plaintext
User Onboarding → Web3Auth (MPC/MFA) → AWS Cloud (Encrypted Data)
                      ↓
              Transaction Request → Squads Multi-Sig (3/5 Approval)
                      ↓
              Asset Movement → Ledger Cold Vault (Offline Storage)
```

***

### **Risk Mitigation Alignment**

| **Risk**            | **Mitigation Tool**         | **How It Works**                                 |
| ------------------- | --------------------------- | ------------------------------------------------ |
| **Phishing/Theft**  | Web3Auth (MPC + MFA)        | No seed phrases; MFA blocks unauthorized access. |
| **Insider Threats** | Squads Protocol (Multi-Sig) | Requires 3/5 approvals for treasury actions.     |
| **Data Breaches**   | AWS KMS + AES-256           | Encrypts sensitive data end-to-end.              |
| **Exchange Hacks**  | Ledger Cold Storage         | Offline vaults prevent hot wallet exploits.      |

***

### **Compliance & Audits**

* **Third-Party Audits**:
  * Annual penetration testing of AWS infrastructure and smart contracts.
* **Regulatory Compliance**:
  * GDPR-ready data encryption (AWS KMS) and FATF Travel Rule adherence.
* **Transparency**:
  * Public audit reports and real-time dashboards for treasury balances.

***

### **Why This Stack?**

* **User Experience**: Social logins and MPC eliminate seed phrase friction.
* **Institutional Trust**: Ledger + Squads meet enterprise custody standards.
* **Scalability**: AWS ensures global, low-latency access while maintaining security.

***

**Audit Reports**: Available Soon