Audits & Security Partners
Human Wallet and its underlying protocols (Human Network and Zeronym) been audited. However, equally important, Human Wallet incorporates an advanced threat model and extensively employs security consultants in the design and implementation of features before audits are even done. Additionally, we have found and responsibly disclosed numerous bugs in other wallets to help secure their user funds. This had led to Human Wallet being a leader in wallet security.
Human Wallet views responsible security as a commitment to second lines of defense: rather than solely reducing the chance of bugs occurring, we focus substantial effort on limiting the scope of what a bug in any component can do. This is accomplished via techniques such as 2PC and resource isolation, along with zero trust and multifactor authorization (not just authentication).
Human Wallet or its key management protocols and features developed by Holonym such as Human Network and Zeronym, have been audited by:
- Cure53
- Hexens
- Least Authority
- Halborn
Human Wallet architecture was designed with consulting from
- Anderson Software
- Distrust
to create its architecture and development pipelines with security first.
But there's more than audits!​
Wallet security should not stop at audits; security model is equally important! Human wallet considers that dApps, frontends, or entire user devices may be compromised. These are rare considerations in a wallet security model, especially one that prioritizes user experience. Human wallet has second lines of defense via 2PC for these considerations to mitigate damage. The second party can require additional secure authorization mechanisms. These mechanisms include mobile or hardware wallet auhtorization of a transaction simulation, which is resistant to malware and blind signing; daily spend limits; or even the option to block any transaction above a specified risk threshold.