Whitepaper

Authors

Daniel Chong & Noah Chong

Abstract

Harpie offers crypto protection plans that allow you to keep all of your assets safe even in the face of key loss, theft, hacks, or loss of life. We are a non-custodial security company, giving you peace of mind and full autonomy over your crypto.
Harpie supports all major wallets including Metamask, Trezor, Ledger, and Trust Wallet.

Introduction

Since the dawn of digital currencies, the onus has been put on the user to implement proper security procedures for their wallets. Users are responsible for not forgetting their keys, not falling victim to scams, and setting up a succession plan in case they pass, usually without any outside help.
For the early crypto investor, protecting their assets was a simple task. These investors tended to only have a single wallet to care for. However, with the recent explosion in popularity of decentralized finance, many users have ended up with three or more wallets across multiple apps, devices, and blockchains.
It is now common to see egregiously insecure methods of securing keys and wallets used simply because of the convenience factor (e.g. screenshotting keys and uploading them to the cloud, or having a key written down in a single place only). To add to the stress, crypto scams have become increasingly sophisticated: the simple phishing and "enter private key here" scams of the past have turned into multi-level works of social engineering, spearheaded by influencers and "trusted" figures. With all of these issues to tackle, most crypto users haven't set up succession plans for a single one of their wallets, let alone all of them.
The crypto users of today need a simple way to defend all of their crypto, on all of their wallets and blockchains, from unexpected events. This is why we built Harpie. Harpie allows our users to connect an unlimited number of wallets to our service and set up protection plans and defenses for every single one of their wallets. Our simple dashboard allows you to see, manage, and create protection plans for your wallets, all in a single place. We are compatible with any wallet on the Ethereum blockchain, with plans to expand to Polygon and Binance Smart Chain in the very near future.

Protocol Basics

Harpie's protection suite consists of three primary technologies.
  • Our Asset Recovery solution allows users to recover their funds even if their private key is lost/destroyed. Signing up for Harpie Key Recovery never requires that you give us your private key: all permissions are granted on a smart-contract basis.
  • Our Hack Prevention solution allows users to set up a user-owned Proxy that detects and quashes malicious transactions before they happen. Inherently, Hack Prevention also prevents asset loss caused by sending tokens to a misspelled address.
  • Our Last Wills solution allows users to set up a succession plan that activates if they pass away. Users may designate an executor of their will, or have their will activate on an automatic basis. Our technology helps guide less technically savvy beneficiaries in receiving their portion of your inheritance.
These technologies are briefly detailed below. For more detailed technical information, please see their respective sections: Asset Recovery, Hack and Theft Prevention, Last Wills.

Introduction to the Harpie Proxy

Users sign up and log in to Harpie by clicking a link sent to their email. When a user registers, two things are created:
  • A user account in the Harpie Database.
  • An Ethereum signer. This signer is only accessible by the party that owns the email address tied to a Harpie account. This is known as the Harpie Proxy.
To reiterate: you, and only you (not even the Harpie team), can access the Harpie Proxy at any time.
The Harpie Proxy is the cornerstone of Harpie's protection suite. We use this Proxy to moderate transactions, override malicious transactions, and recover crypto. In a general sense, the Proxy can be thought of as a "protection layer" above your wallets that can only be accessed by you on a local machine.
We plan to allow customers to generate Harpie Proxies via biometric, social multi-sig, and physical methods in the future.
More precise details on how the Harpie Proxy is used will be highlighted in the following sections.

Asset Backup and Recovery

Natural disasters, forgetfulness, and unexpected circumstances are all common events that can cause the destruction or loss of a private key. Harpie offers registered users the ability to transfer assets out of a wallet even after its key has been lost or destroyed.
To create an asset backup and recovery plan, users must first sign an Approval smart contract with their Harpie Proxy. This Approval smart contract gives the Harpie Proxy the ability to transfer tokens out of your wallet at a future point in time. Whenever you need to recover your funds, you log in to your Harpie Proxy and transfer assets out of your lost wallet and into a new one.
An example of the Harpie process:
Customer A would like to recover all of the USDC, DAI, and WETH in their MetaMask wallet in the event that they ever lose their private key. Customer A must Approve their Harpie Proxy to transfer those tokens out of their wallet at a future time.
Two years later, Customer A loses their private key to their MetaMask wallet. They log into Harpie by clicking the link sent to their email and completing 2-factor authentication on their mobile device. They access their Harpie Proxy and transfer their USDC, DAI, and WETH into their new wallet address, successfully completing their recovery!
Users are able to back up as many tokens on as many wallets as they'd like and see all of their existing protection contracts in their dashboard.
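The approve-then-transfer flow described above is the standard ERC-20 allowance pattern. The following is an added illustration, not Harpie's code or contracts: an in-memory model of `approve`/`transferFrom` in which the owner grants a standing allowance to a proxy address while they still hold their key, and the proxy later pulls the tokens without it. Every address, balance and the per-token cap are constructed assumptions.

```python
# Added example, not Harpie's code: an in-memory model of the ERC-20
# approve / transferFrom pattern that an allowance-based recovery plan
# relies on. Addresses, balances and the proxy address are constructed.

UNLIMITED = 2**256 - 1  # the "infinite approval" value many dapps request


class Token:
    """Tracks balances and allowances the way an ERC-20 contract does."""

    def __init__(self, symbol, balances):
        self.symbol = symbol
        self.balances = dict(balances)
        self.allowances = {}  # (owner, spender) -> amount still spendable

    def approve(self, owner, spender, amount):
        # Signed once by the owner while they still hold their key.
        self.allowances[(owner, spender)] = amount

    def allowance(self, owner, spender):
        return self.allowances.get((owner, spender), 0)

    def transfer_from(self, caller, owner, to, amount):
        # The spender moves tokens out of `owner` without the owner's key;
        # only the standing allowance and the owner's balance are checked.
        allowed = self.allowance(owner, caller)
        if amount > allowed:
            raise PermissionError(f"{caller} may spend {allowed}, asked {amount}")
        if amount > self.balances.get(owner, 0):
            raise ValueError("insufficient balance")
        if allowed != UNLIMITED:
            self.allowances[(owner, caller)] = allowed - amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount
        return amount


def set_up_recovery(tokens, wallet, proxy, caps=None):
    """Step 1: the owner approves the proxy for each token to be recoverable.

    `caps` bounds what the proxy may ever pull per token (the blast radius
    if the proxy key were compromised); tokens without a cap get UNLIMITED.
    """
    caps = caps or {}
    for tok in tokens:
        tok.approve(wallet, proxy, caps.get(tok.symbol, UNLIMITED))


def recover(tokens, proxy, lost_wallet, new_wallet):
    """Step 2, after the key is lost: the proxy pulls what it is allowed to."""
    moved = {}
    for tok in tokens:
        amount = min(tok.balances.get(lost_wallet, 0), tok.allowance(lost_wallet, proxy))
        if amount:
            moved[tok.symbol] = tok.transfer_from(proxy, lost_wallet, new_wallet, amount)
    return moved


def revoke_recovery(tokens, wallet, proxy):
    """Owner still holds the key and wants the standing approval gone."""
    for tok in tokens:
        tok.approve(wallet, proxy, 0)


if __name__ == "__main__":
    WALLET, PROXY, NEW = "0xwallet", "0xproxy", "0xnewwallet"  # constructed
    tokens = [Token("USDC", {WALLET: 1_000}), Token("DAI", {WALLET: 250})]
    set_up_recovery(tokens, WALLET, PROXY, caps={"USDC": 500})
    print(recover(tokens, PROXY, WALLET, NEW))  # {'USDC': 500, 'DAI': 250}
```

The point worth checking in any such plan is that the allowance is a standing permission: whoever controls the proxy key can exercise it at any time, so the proxy key's own protection is the real security boundary, and a per-token cap limits what a compromised proxy could move.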
Harpie as a company never has access to your funds during any step of the recovery & backup process. Your Harpie Proxy is only accessible by you, and is the only party approved to handle your assets. This extra layer of bulletproof security is part of our Zero-Knowledge Commitment.
Learn more about how Harpie prioritizes your security in our security section.
Learn more about the technology and rationale behind choices we made in the dedicated section for this topic.

Hack and Theft Prevention

There is no shortage of hackers, scammers, and thieves with the intent to steal your funds or private keys. Over $1B in assets were stolen or destroyed in the last year due to these malicious parties.
Every Ethereum transaction takes a certain amount of time to go from a "pending" status to a "completed" status. Harpie defends our users from hacks and thefts by automatically quashing malicious transactions while they are still pending, before they have a chance to steal your funds.
To set up this plan, users are asked to create an address book. This address book is a set of "trusted addresses" that your wallet can transact with. Transactions with parties outside of your address book are detected and quashed.
Detection is handled by RPC nodes around the world querying the blockchain some ten times a second each. The exact providers of our detection nodes are hidden for the sake of preventing network outages.
Quashing is handled by your Harpie Proxy. When a malicious transaction is detected, your Harpie Proxy sends a request to transfer the vulnerable asset out of your wallet and into itself/another designated wallet address. This request has a significantly higher gas payment than the malicious transaction, which allows it to execute faster than the malicious transaction due to MEV (ethereum.org). When the malicious transaction finally gets in line to execute, your funds have already been transferred away to a safe location.
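The address-book check above has one subtlety worth showing in code: for an ERC-20 transfer or approval, the transaction's `to` field is the token contract, and the real counterparty sits inside the calldata. The following is an added example, not Harpie's detection code; every address and pending transaction in it is constructed, and it decodes only plain ETH transfers plus the `transfer` and `approve` selectors.

```python
# Added example, not Harpie's code: screening pending transactions against
# an address book. Every address and transaction below is constructed.
# Only the plain-ETH case and the ERC-20 transfer/approve selectors are
# decoded; that is enough to show why the counterparty must be read from
# calldata and not only from the transaction's `to` field.

# Real ERC-20 selectors: first 4 bytes of keccak256(signature).
TRANSFER = "a9059cbb"  # transfer(address,uint256)
APPROVE = "095ea7b3"   # approve(address,uint256)


def encode_call(selector, address, amount):
    """ABI-encode an (address,uint256) call; used here to build sample txs."""
    return ("0x" + selector + address[2:].lower().rjust(64, "0")
            + format(amount, "x").rjust(64, "0"))


def counterparties(tx):
    """Every address the transaction would hand value or spending rights to."""
    data = tx.get("data", "0x")[2:].lower()
    to = tx["to"].lower()
    if len(data) < 8:
        return {to}  # plain value transfer: `to` is the counterparty
    selector, args = data[:8], data[8:]
    if selector in (TRANSFER, APPROVE) and len(args) >= 64:
        # First ABI word is a 32-byte left-padded address; keep its low 20 bytes.
        return {"0x" + args[:64][-40:]}
    return {to}  # unknown calldata: judge by the contract being called


def screen(pending, address_book):
    """Return [(tx hash, [unknown counterparties])] for txs that must be quashed."""
    allowed = {a.lower() for a in address_book}
    flagged = []
    for tx in pending:
        unknown = counterparties(tx) - allowed
        if unknown:
            flagged.append((tx["hash"], sorted(unknown)))
    return flagged


def rescue_priority_fee(threat_tx, bump_pct=50):
    """Priority fee (wei) to bid so the rescue transfer orders ahead of the threat.

    Fee ordering is builder policy, not a guarantee, so the bump is generous.
    """
    return threat_tx["maxPriorityFeePerGas"] * (100 + bump_pct) // 100


# Constructed sample: the user's cold wallet and an exchange deposit address
# are trusted, and the token contract is trusted because the user transacts
# with it, which is exactly why `to` alone is not a sufficient check.
COLD = "0x" + "1" * 40
EXCHANGE = "0x" + "2" * 40
TOKEN = "0x" + "3" * 40
STRANGER = "0x" + "4" * 40
ADDRESS_BOOK = [COLD, EXCHANGE, TOKEN]

SAMPLE_PENDING = [
    {"hash": "0xaa", "to": COLD, "data": "0x", "maxPriorityFeePerGas": 2_000_000_000},
    {"hash": "0xbb", "to": TOKEN, "data": encode_call(TRANSFER, EXCHANGE, 10**6),
     "maxPriorityFeePerGas": 2_000_000_000},
    {"hash": "0xcc", "to": TOKEN, "data": encode_call(TRANSFER, STRANGER, 10**9),
     "maxPriorityFeePerGas": 3_000_000_000},
    {"hash": "0xdd", "to": TOKEN, "data": encode_call(APPROVE, STRANGER, 2**256 - 1),
     "maxPriorityFeePerGas": 1_000_000_000},
]

if __name__ == "__main__":
    for tx_hash, who in screen(SAMPLE_PENDING, ADDRESS_BOOK):
        print(f"quash {tx_hash}: counterparty {who} not in address book")
```

Note that the approval to a stranger (`0xdd`) is flagged even though no tokens move in that transaction: an unbounded allowance is what a later drain would use, so it belongs in the same screen as a transfer.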
(Hack and theft prevention is an upcoming and work-in-progress feature. Details on this whitepaper are subject to change. Please keep up with our Discord and Twitter for news and to have a chance at early access.)

Last Wills

Everyone deserves a way to provide for their loved ones in case they pass. Putting a succession plan in place can help give you peace of mind, whether you're just starting out in crypto or have been holding it for a while.
The architecture of cryptocurrency is inherently at odds with the idea of last wills and succession planning: we are told never to share our keys with anyone, and never to share the location of our keys. Unfortunately, the only way to pass on crypto is to share a private key with the beneficiaries. This poses two major issues:
  • By what mechanism does someone pass on their private key: does their estate lawyer have access to it? Is the key written down in a last will? A hidden compartment? All of these options pose different security threats. There exists no secure or standardized methodology for passing down a private key.
  • How can someone share crypto with multiple beneficiaries with only a single private key to pass on?
Harpie allows you to take control of both of these issues in a transparent and secure manner. With Harpie, you can dynamically add beneficiaries to your will and dictate the exact details of their inheritance onto the blockchain. At any time, you can modify the terms of your will or the number of beneficiaries you have.
There are three types of wallets involved in the Harpie last will process: User Owned Wallets, a single Middleman Wallet, and Recipient Wallets. In the case that a user passes away, funds will be transferred from the User Owned Wallet to the Middleman Wallet. Recipients will then be able to transfer their allocation out of the Middleman Wallet and into their own.
Starting a will begins with designating one or more executors: trusted parties responsible for validating documents (such as a death certificate) and ensuring your assets are ready for release. You have the option of setting Harpie as a validator, but it is not mandatory. You also have the option of setting a smart contract as a validator if you'd like to add custom configurability.
When your documents are validated by your executors, your assets are transferred to the Middleman Wallet. This wallet is a Harpie Proxy that has already allocated specific amounts of each token to the recipients. Once funds are released to the Middleman, each beneficiary of your will can transfer their allocation out of the Middleman and into their own wallets.
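To make the three-wallet flow concrete, here is an added model (not Harpie's code or contract) of a will in which a quorum of executors must validate before funds move to the middleman, allocations are fixed per recipient at release, and each recipient can withdraw only their own share, once. Executors, shares, thresholds and balances are constructed assumptions.

```python
# Added example, not Harpie's code: an in-memory model of the three-wallet
# flow (owner wallet -> middleman -> recipients) gated by an executor
# quorum. Executors, shares and balances are constructed.


class Will:
    def __init__(self, owner, executors, threshold, shares_bp):
        # shares_bp: recipient -> share in basis points; must sum to 10_000.
        if sum(shares_bp.values()) != 10_000:
            raise ValueError("shares must total 10000 basis points")
        if not 1 <= threshold <= len(executors):
            raise ValueError("threshold must be between 1 and the number of executors")
        self.owner = owner
        self.executors = set(executors)
        self.threshold = threshold
        self.shares_bp = dict(shares_bp)
        self.validations = set()
        self.claimable = {}  # (recipient, token) -> amount held at the middleman
        self.released = False

    def quorum_reached(self):
        return len(self.validations) >= self.threshold

    def validate(self, executor):
        """An executor attests the documents check out; True once quorum is met."""
        if executor not in self.executors:
            raise PermissionError(f"{executor} is not an executor of this will")
        self.validations.add(executor)
        return self.quorum_reached()

    def amend(self, owner, shares_bp):
        """The owner may change shares at any time before release."""
        if owner != self.owner or self.released:
            raise PermissionError("only the owner may amend an unreleased will")
        if sum(shares_bp.values()) != 10_000:
            raise ValueError("shares must total 10000 basis points")
        self.shares_bp = dict(shares_bp)

    def release(self, owner_balances):
        """Move funds to the middleman and fix each recipient's allocation."""
        if self.released:
            raise RuntimeError("will already released")
        if not self.quorum_reached():
            raise PermissionError("executor quorum not reached")
        recipients = list(self.shares_bp.items())
        for token, total in owner_balances.items():
            remaining = total
            for i, (rcpt, bp) in enumerate(recipients):
                # Integer shares; rounding dust goes to the last recipient so
                # nothing is stranded at the middleman.
                part = remaining if i == len(recipients) - 1 else total * bp // 10_000
                self.claimable[(rcpt, token)] = part
                remaining -= part
        self.released = True
        return dict(self.claimable)

    def claim(self, recipient, token):
        """A recipient withdraws only their own allocation, and only once."""
        amount = self.claimable.pop((recipient, token), 0)
        if amount == 0:
            raise PermissionError("nothing claimable")
        return amount


if __name__ == "__main__":
    will = Will("owner", {"exec_a", "exec_b", "exec_c"}, 2, {"alice": 6_000, "bob": 4_000})
    will.validate("exec_a")
    will.validate("exec_b")
    print(will.release({"ETH": 1_001}))  # alice 600, bob 401
```

The threshold is the property a reviewer would look at first: with a single executor, one compromised or coerced party can trigger release, so an M-of-N quorum (or Harpie or a smart contract as an additional validator, as the text allows) is what keeps the release condition honest.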
More technical details are coming soon!
(Last wills are an upcoming and work-in-progress feature. Details on this whitepaper are subject to change. Please keep up with our Discord and Twitter for news and to have a chance at early access.)

Security Overview

Trusting a third-party cryptocurrency solution has always been a tall ask. Harpie utilizes Zero-Knowledge Proofs, industry-standard AES-256 and ECC encryption, and pen-tested HSMs to keep our service secure. We use Magic to handle authentication.

Zero Knowledge Commitment

We pledge to design our systems in a way that:
  1. never requires the custody of a customer's funds, private key, or other sensitive data in order to provide advertised services;
  2. never allows us access to a customer's account without their consent;
  3. provides transparency that Pledges 1 and 2 are being fulfilled.
Our Zero Knowledge Commitment is designed to provide our customers ultimate security and peace-of-mind, and is the guiding principle of the security systems outlined below.

Security Features Quick Look

  1. Zero-Knowledge, Passwordless Authentication
  2. Multi-factor Authentication
  3. Non-Custodial Key Management
  4. Locally Generated Public-and-Private Key-Pairs
  5. Delegated Key Management through AWS KMS and AWS Cognito
  6. AES-256 Encryption with 256/384-bits of Entropy

Passwordless Authentication

Harpie utilizes passwordless authentication with MFA to securely authenticate all of our users. We generate key-pairs for your account and Harpie Proxy using the Ethereum network. The private key is used to generate a cryptographically verifiable proof of identification and authorization. This proof is then sent to our resource servers to validate claims and recover privileged information, without ever needing a password. This claim format is an adaptation of the W3C Decentralized Identifiers protocol for globally unique and resolvable identifiers.

Zero-Knowledge Proofs + HSMs

Hardware Security Modules (HSMs) hosted by Amazon Web Services' Key Management Service (KMS) provide secure encryption and decryption operations for authentication and identification. These HSMs are a sort of black box, similar to hardware-based cold wallets like Trezor or Ledger, where data can be signed and validated without exposing the secrets stored within them.
A user-specific master key generated using AES-256 with 384-bits of entropy is stored within these HSMs. Private keys generated for use by the Harpie Proxy are then encrypted by a user's master key. An attacker seeking access to your account or Proxy would need to gain access to these hardware modules to retrieve the private keys.

Non-Custodial Key Management

When something is non-custodial, you have sole control over your private keys. With sole control over your private keys, you have full control and ownership of your cryptocurrency. Users directly interface with AWS KMS and AWS Cognito for critical encryption and decryption to guarantee Harpie stays non-custodial. We never access or see our users' private keys, reducing the risk of unauthorized access to your wallet or Proxy.
When a user successfully authenticates through our auth relayer, they receive a time-bound access token. This access token is then traded for scoped credentials, which enable the user to communicate directly with AWS and use their master keys for encryption and decryption. This entire process completely bypasses the Harpie backend. Both access tokens and scoped credentials are created dynamically by AWS, with audit logs and TTLs enabled, and are exchanged exclusively with the client. We have also removed our own permission to decrypt with AWS KMS, preventing malicious internal attacks or negligence.
Public-and-private key-pairs are generated client-side using 256-bits of entropy and directly encrypted and decrypted by AWS KMS.

Multi-factor Authentication

Harpie offers end-user Multi-factor Authentication (MFA) through mobile authenticator apps like Authy or other QR-based authenticators. MFA is essential for account security because it provides a second layer of protection to your account. With MFA enabled, attackers would need access to both your email and secondary device in order to access your Harpie account. MFA functionality is enabled for all users. There are future plans to extend MFA authentication to hardware devices (like YubiKey) and biometrics.

TLS, HSTS, and SSL

Harpie uses industry-standard network protocols for all communications between users and our servers. The Transport Layer Security (TLS) protocol, HTTP Strict Transport Security (HSTS) standard, and Secure Sockets Layer (SSL) protocol help to mitigate the risk of man-in-the-middle and downgrade attacks on our service by providing end-to-end encryption for all of our users.

CSRF + XSS

Harpie enforces strict CSP headers to reduce the risk of XSS and data ingestion exploits. CSRF tokens are unique, secret, unpredictable values that are generated server-side. We use CSRF tokens to ensure that all requests are authentic and have not been forged by malicious attackers.

Phishing Protection

Harpie has reduced the risk of phishing attacks. A phishing attack is one in which a malicious attacker pretends to be an authentic service. A phishing site usually asks for a password or seed phrase and compromises your account as soon as you enter them. Harpie NEVER asks for a password or your wallet seed phrase, so any site pretending to be Harpie should be immediately reported to our team at [email protected]
Harpie authenticates logins through magic links sent to your email. If a magic link is lost, stolen, or compromised in transit, the token included in the email is only privileged to verify a login request from the device and/or browsing context that initiated the request. An attacker would require physical access to the user's device and unencrypted email inbox to abuse it.
We also whitelist domains. Even if a direct 1-to-1 copy of our site is created with compromised API keys, illegitimate applications would not be able to forge requests on a user's behalf.
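The property claimed for the magic link above, that the emailed token only completes a login from the browsing context that requested it, is easiest to see as code. The following is an added example, not Harpie's or Magic's implementation: the service issues two halves, an HttpOnly context cookie that stays on the requesting browser and a single-use, time-limited token that goes in the email, and completes the login only when both are presented together. The store, TTL and cookie handling are constructed assumptions.

```python
# Added example, not Harpie's code: a magic-link issuer that binds the emailed
# token to the browsing context that requested it, so a link lifted from an
# inbox is not enough on its own. The cookie, TTL and store are assumptions.
import hashlib
import hmac
import secrets
import time

TTL_SECONDS = 600


class MagicLinkService:
    def __init__(self, server_secret: bytes, clock=time.time):
        self._secret = server_secret
        self._clock = clock
        self._pending = {}  # token_id -> (email, ctx_hash, secret_hash, expires)

    def _h(self, value: str) -> str:
        # Store only keyed hashes, so a leaked table yields neither secret.
        return hmac.new(self._secret, value.encode(), hashlib.sha256).hexdigest()

    def start_login(self, email):
        """Browser asks to log in. Returns (context cookie, link token).

        The cookie is set HttpOnly on the requesting browser; only the link
        token is emailed. Neither half works without the other.
        """
        context = secrets.token_urlsafe(32)
        token_id = secrets.token_urlsafe(16)
        link_secret = secrets.token_urlsafe(32)
        self._pending[token_id] = (email, self._h(context), self._h(link_secret),
                                   self._clock() + TTL_SECONDS)
        return context, f"{token_id}.{link_secret}"

    def complete_login(self, link_token, context):
        """Link clicked; `context` is the cookie the clicking browser presents."""
        token_id, _, link_secret = link_token.partition(".")
        entry = self._pending.get(token_id)
        if entry is None:
            return None
        email, ctx_hash, secret_hash, expires = entry
        if self._clock() > expires:
            del self._pending[token_id]
            return None
        ok_ctx = hmac.compare_digest(ctx_hash, self._h(context))
        ok_tok = hmac.compare_digest(secret_hash, self._h(link_secret))
        if not (ok_ctx and ok_tok):
            return None  # wrong browser or wrong token; the real user may still use it
        del self._pending[token_id]  # single use
        return email


if __name__ == "__main__":
    svc = MagicLinkService(b"constructed-server-secret")
    cookie, link = svc.start_login("user@example.com")
    print(svc.complete_login(link, "another-browser"))  # None
    print(svc.complete_login(link, cookie))             # user@example.com
```

Seen this way, the claim in the text holds only as long as the cookie never leaves the originating browser (HttpOnly, Secure, SameSite) and the token is both short-lived and consumed on first success; a link forwarded to another device yields nothing by itself.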
