Stop Getting Hacked: How PistachioFi Handles Security

Stop Getting Hacked: How PistachioFi Handles Security

Stop Getting Hacked: How PistachioFi Handles Security

May 22, 2024

a steel pistachio that perfectly represents our robust security measures. This image symbolizes how we keep your assets secure and inaccessible to unauthorized users.

At PistachioFi, security isn’t just a priority—it’s our mission. Here’s how we ensure your cryptoassets are protected:

Eliminating Seed Phrases

We’ve done away with seed phrases due to their poor user experience. Instead, users sign up with an email or SMS (we suggest email, or a burner/hidden email for further security). We employ a One-Time Password (OTP) for account creation and sign-ins, removing the phishing risk associated with permanent passwords.

Secure Private Key Storage & Recovery

Your private key is stored in your device’s secure enclave, guaranteeing only you can access your funds. Using Multiparty Computation (MPC), we split your key into encrypted shards. One half is saved to your cloud account, and the other to our encrypted database. Even if one shard is somehow compromised and decrypted, it’s useless without the other half.

Independent Passwords & Biometrics

Your cloud account password is separate from your email or phone number, adding another security layer. Face ID is required for account creation and access, providing an additional security measure.

Data Encryption

All user data, including emails and phone numbers, is encrypted on our database. In the event of a hack, the information would not be visible to the hacker.

Email and Phone Search Hidden by Default

Users create a unique username for transfers. By default, username search is enabled, while email and phone number searches are disabled (although can be enabled in settings).

Frontrun Protection

When interacting with the Ethereum Mainnet, all transactions are safeguarded from MEV with built-in front-run protection, ensuring you’re safe from arbitrage bots.

Preventing Wallet Drains

At launch, PistachioFi cannot connect to external applications, preventing malicious connections. We’re developing an embedded wallet connect solution that includes domain whitelists/blacklists, transaction simulations, and manual confirmations for suspicious transactions.

Our Commitment

We are dedicated to providing a secure user experience and preventing our users from falling victim to hackers. At PistachioFi, protecting your nut is our mission.

Sign up today.

Sign up today.