• boaz

What it takes to hack Kesem Solution

Updated: Feb 18, 2019

It is quite often, that you read a story about a Bitcoin exchange being hacked and cryptocurrency stolen. These crypto exchanges are like a big pile of honey - they attract bees, but instead of bees, they attract real malicious actors, like hackers. Kesem team comprises of experienced security practitioners that know, that each new day, a new vulnerability is discovered, and over time anything can be hacked. To be able to create a solution that sustains security attacks, security is addressed from the architecture level, down to the bits and bytes.

Kesem team builds a new generation of banking platforms and one of the first products is Kesem Wallet. The Wallet is being architectured with this mindset that anything can be hacked over time.

Kesem wallet is a multisignature wallet, where user has 2 keys and Kesem backend has 1 key. Kesem can only co-sign the transactions, so the user must sign the transaction with one of his keys beforehand.

In order for the malicious attack to steal user funds the attacker must perform all of the following:

  1. Break into the Kesem cloud infrastructure.

  2. Find a way how to decrypt private keys.

  3. Stay unnoticed all this time.

  4. Develop a new zero day to break into the mobile wallet application and dump user keys.

  5. Find a way how to attack thousands of Kesem mobile customers all at once.

These should be done very quickly. Otherwise the Kesem security experts will notice the leak and stop the attacker.

The likelihood for this is rather low and in the meantime we do not sleep at rest. We are continuously building new walls and add new methods to make our platform and infrastructure even more secure.

Stay tuned for more info...

Yuli Stremovsky - Kesem CTO

153 views0 comments

© 2018 by Kesem.io