Neovestor Security Architecture

Combining MPC, Multi-Sig, and Enterprise-Grade Infrastructure

User Wallet Security

Tool: Web3Auth (MPC + MFA + Social Logins)

Objective: Secure, user-friendly wallet creation and authentication.

  • Seed Phrase-Free Design:

    • Eliminates seed phrase vulnerabilities (e.g., phishing, loss) using Multi-Party Computation (MPC). Private keys are split across devices/networks.

  • Multi-Factor Authentication (MFA):

    • Requires two or more factors (e.g., Google Authenticator, biometrics, email) for wallet access.

  • Social Logins:

    • Users onboard via Google, Apple, or Discord, simplifying access while maintaining security.


Cold Storage & Asset Custody

Tool: Ledger Enterprise

Objective: Protect institutional and user funds in offline vaults.

  • Cold Vaults:

    • 90%+ of assets stored offline in Ledger’s HSM (Hardware Security Module) devices.

  • Multi-Signature Approvals:

    • Critical withdrawals require 3/5 signers from geographically dispersed custodians.

  • Audit Trails:

    • All vault transactions logged on-chain and monitored in real time.


Treasury & Protocol Governance

Tool: Squads Protocol (Solana Multi-Sig)

Objective: Secure management of protocol funds and upgrades.

  • Multi-Signature Wallets:

    • Treasury transactions require 3/5 approvals from core team and DAO delegates.

  • Programmable Policies:

    • Time-locked transactions for governance proposals (e.g., 72-hour delay before execution).

  • Solana Integration:

    • Native support for SPL tokens and seamless interaction with Solana programs.
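
A minimal model of the approval rule described in this section, as an added example that is not Neovestor's or Squads Protocol's code. It assumes the 72-hour timelock starts when the third distinct member approval lands and that a signer can withdraw an approval before that point; signer labels and timestamps are constructed.

```python
from datetime import datetime, timedelta, timezone

THRESHOLD = 3                    # approvals required (page: 3/5)
TIMELOCK = timedelta(hours=72)   # delay before execution (page: 72-hour example)

# Constructed member set: hypothetical signer labels, not real keys.
MEMBERS = frozenset({"core-1", "core-2", "core-3", "dao-1", "dao-2"})


def approved_at(votes, members=MEMBERS, threshold=THRESHOLD):
    """Return the time the threshold-th distinct member approval landed, or None.

    votes: iterable of (signer, timestamp, approve) tuples in any order.
    Assumption: approval latches the moment the threshold is reached.
    """
    approving = set()
    for signer, ts, approve in sorted(votes, key=lambda v: v[1]):
        if signer not in members:
            continue                   # unknown signer never counts
        if approve:
            approving.add(signer)      # a repeated approval counts once
        else:
            approving.discard(signer)  # withdrawal before the threshold is met
        if len(approving) >= threshold:
            return ts
    return None


def can_execute(votes, now, timelock=TIMELOCK):
    """True only if the threshold was met and the full timelock has elapsed."""
    t = approved_at(votes)
    return t is not None and now >= t + timelock


# Constructed sample: one duplicate, one non-member, one withdrawn approval.
T0 = datetime(2025, 1, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_VOTES = [
    ("core-1", T0, True),
    ("core-1", T0 + timedelta(hours=1), True),     # duplicate, ignored
    ("outsider", T0 + timedelta(hours=2), True),   # not a member, ignored
    ("dao-1", T0 + timedelta(hours=3), True),
    ("core-2", T0 + timedelta(hours=4), True),     # third approval...
    ("core-2", T0 + timedelta(hours=3, minutes=30), False),  # ...sorted after this no-op
    ("dao-2", T0 + timedelta(hours=5), True),
]

if __name__ == "__main__":
    print("approved at:", approved_at(SAMPLE_VOTES))
    print("executable 71h later:", can_execute(SAMPLE_VOTES, T0 + timedelta(hours=75)))
```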


Data Encryption & Network Security

Tool: SSL/TLS with AES-256

Objective: Protect data in transit and at rest.

  • End-to-End Encryption:

    • All user data (KYC documents, transaction histories) encrypted with AES-256.

  • SSL/TLS Certificates:

    • Secure APIs and web interfaces with HTTPS and HSTS (HTTP Strict Transport Security).

  • Key Management:

    • AWS Key Management Service (KMS) for rotating encryption keys.


Cloud Infrastructure Security

Tool: AWS Cloud

Objective: Enterprise-grade security for backend infrastructure.

  • Network Security:

    • VPC (Virtual Private Cloud) isolation, WAF (Web Application Firewall), and DDoS protection via AWS Shield.

  • Access Control:

    • AWS IAM with role-based permissions and MFA for admin accounts.

  • Monitoring & Logging:

    • AWS CloudTrail for audit trails and GuardDuty for threat detection.

  • Disaster Recovery:

    • Multi-region backups and automated failover via AWS S3 and RDS.


Security Workflow Integration

User Onboarding → Web3Auth (MPC/MFA) → AWS Cloud (Encrypted Data)

Transaction Request → Squads Multi-Sig (3/5 Approval)

Asset Movement → Ledger Cold Vault (Offline Storage)

Risk Mitigation Alignment

| Risk            | Mitigation Tool             | How It Works                                     |
|-----------------|-----------------------------|--------------------------------------------------|
| Phishing/Theft  | Web3Auth (MPC + MFA)        | No seed phrases; MFA blocks unauthorized access. |
| Insider Threats | Squads Protocol (Multi-Sig) | Requires 3/5 approvals for treasury actions.     |
| Data Breaches   | AWS KMS + AES-256           | Encrypts sensitive data end-to-end.              |
| Exchange Hacks  | Ledger Cold Storage         | Offline vaults prevent hot wallet exploits.      |


Compliance & Audits

  • Third-Party Audits:

    • Annual penetration testing of AWS infrastructure and smart contracts.

  • Regulatory Compliance:

    • GDPR-ready data encryption (AWS KMS) and FATF Travel Rule adherence.

  • Transparency:

    • Public audit reports and real-time dashboards for treasury balances.


Why This Stack?

  • User Experience: Social logins and MPC eliminate seed phrase friction.

  • Institutional Trust: Ledger + Squads meet enterprise custody standards.

  • Scalability: AWS ensures global, low-latency access while maintaining security.


Audit Reports: Available Soon
