{"id":681,"date":"2022-05-30T21:33:16","date_gmt":"2022-05-30T19:33:16","guid":{"rendered":"http:\/\/15.237.144.26\/?p=681"},"modified":"2024-03-14T20:15:32","modified_gmt":"2024-03-14T19:15:32","slug":"is-it-safe-to-connect-your-portfolio-tracker-to","status":"publish","type":"post","link":"https:\/\/www.waltio.com\/fr\/blog\/is-it-safe-to-connect-your-portfolio-tracker-to\/","title":{"rendered":"Is it safe to connect your crypto account to a portfolio tracker?\u00a0"},"content":{"rendered":"\n

As a crypto owner, it can be a little bit scary to connect your wallet or exchange accounts to a third party, such as a crypto account aggregator. A few Waltio<\/a> users have shared with us their concern about being hacked or getting their coins stolen! Let\u2019s clarify how Waltio has been developed from scratch to protect your identity, coin and wallet information.<\/h2>\n\n\n\n

How does a crypto portfolio tracker (also known as account aggregator) collect data about your exchange or wallet accounts?<\/h3>\n\n\n\n

Most exchanges have created an API (Application Program Interface)<\/a><\/strong> to allow machine-to-machine communication. More technically, an API is a set of endpoints exposed over HTTP (HyperText Transfer Protocol), used to collect information or to request that some actions be executed. Is it safe? Yes, because the HTTP protocol is exactly the same one that you use when you open your favourite browser and log in to an exchange website.<\/p>\n\n\n\n

When we connect to an exchange, we don\u2019t use the plain HTTP protocol; we use an extension of it called HTTPS (HTTP Secure). If you are using HTTP, all your data travels in clear text over the network. By using HTTPS, your data is encrypted using the certificate provided by each exchange. Again, it\u2019s the same security level as a connection through a browser.<\/p>\n\n\n\n

\n

Whether you are dealing with your cryptocurrencies or other things, you always need to make sure you are browsing a website using HTTPS instead of HTTP.<\/p>\n<\/blockquote>\n\n\n\n

But how does it collect only my data?<\/h3>\n\n\n\n

When a connection is made to an API, it needs to be authenticated. This is why Waltio asks you to provide an API key. Using your key, the exchange will know that we are connected using your own profile.<\/p>\n\n\n\n

How can I be sure that an aggregator doesn\u2019t execute actions that I don\u2019t want?<\/h3>\n\n\n\n

When you generate an API key in each exchange, you can specify which permissions you want to assign to this specific key. In general, exchanges provide 3 different sorts of access: Reading, Trading and Withdraw.
At Waltio, we only ask you to grant \u201cread only\u201d permissions. It means that we can only access your balance, your past transactions or your orders. In no case can we place a new order or request a withdrawal. For this reason, we encourage you to be very careful when you assign permissions to a key.<\/p>\n\n\n\n

\n

Whenever you use an app through the API feature, make sure the newly generated API key does not have the withdrawal right. Providing withdrawal access to a third-party system simply makes black-hat hackers\u2019 work easier.<\/p>\n<\/blockquote>\n\n\n\n

You\u2019ll find all required permissions for all supported exchanges on this page:<\/p>\n\n\n\n

Configuration \u2013 Waltio<\/strong><\/a>
This page explains how to configure your Waltio account.
doc.waltio.co<\/p>\n\n\n\n

What about wallets?<\/h3>\n\n\n\n

When you synchronise a wallet in Waltio, you\u2019ll notice that we only ask you to provide the address of your wallet. Most of the blockchain networks are public. By providing a wallet address, we can simply connect to the network and retrieve your balance and your past transactions.<\/p>\n\n\n\n

Does Waltio implement HTTPS as well?<\/h3>\n\n\n\n

Yes. And if we go a bit deeper on this topic, HTTPS is good, but you need to look at the encryption algorithm used in the certificate to be sure that it\u2019s safe. Let\u2019s start from the beginning and understand how we get an HTTPS certificate. It\u2019s possible to implement a self-signed certificate, but it\u2019s obviously not safe at all. The best way is to get a certificate from a certificate authority (CA). Waltio\u2019s CA is GoDaddy (you can verify our certificate just by clicking on the lock icon next to the URL in your browser). GoDaddy provides us with a strong certified certificate that is used to encrypt all messages transported over the network. You can see our overall HTTPS security rating of \u201cA\u201d here: https:\/\/www.ssllabs.com\/ssltest\/analyze.html?d=tax.waltio.co&s=54.227.215.155<\/a><\/p>\n\n\n\n

How does Waltio manage user authentication?<\/h3>\n\n\n\n

For security reasons, we delegate user authentication to another company called Auth0<\/strong>. This company is in charge of checking your identity and storing critical identity data safely. Waltio is never aware of your password; the only information that we have is your email address, which we use as the username in our application. So in no case can Waltio use your email address and password to try to gain access to your exchange account (because we don\u2019t know your password).<\/p>\n\n\n\n

How does Waltio protect the access to my information?<\/h3>\n\n\n\n

When you successfully log in to Waltio (using Auth0), you are granted a token. Waltio uses the OAuth2 authentication mechanism. This token, provided by Auth0, is then sent to our services to get the data stored on our side (and display it in our application). All of our services are protected, again using Auth0. It means that your token will be verified first with Auth0 before any information is sent back. Because your token includes basic identity information such as your email address, we only return information belonging to your specific Waltio account.<\/p>\n\n\n\n

Is it possible that Waltio\u2019s server will be hacked?<\/h3>\n\n\n\n

Of course, never say never. But all your data is hosted in AWS, which ensures that your information is protected and backed up properly. On top of that, AWS is responsible for keeping this service running all the time (so you won\u2019t be surprised with a database connection error in our application). We use AWS VPC (Virtual Private Cloud). Data storage is isolated in a private network<\/strong>, and we configured it to forbid public access to our data storage. So the only way to access this data is to use the services that are protected with Auth0 as explained above.<\/p>\n\n\n\n

What if AWS servers or data centers got hacked?<\/h3>\n\n\n\n

Again, never say never. But to be sure that your data is extremely safe, we encrypt your account data at rest. What does it mean? When data is saved on a server, it is usually stored in binary files in clear text on the filesystem.<\/p>\n\n\n\n

\n

A smart and experienced hacker might be able to hack through AWS to get these files and collect some valuable information. For this reason, we encrypt your data at rest. All your information is encrypted before being written on the server.<\/p>\n<\/blockquote>\n\n\n\n

So, even AWS engineers who have access to all servers can\u2019t read your data because it is encrypted. It\u2019s yet another way to protect your data.<\/p>\n\n\n\n

What are the next steps?<\/h3>\n\n\n\n

What else can Waltio do?<\/h3>\n\n\n\n

As explained, Waltio has been developed from scratch to ensure the security of your information, but we won\u2019t stop here. In our TO DO list:<\/p>\n\n\n\n

* Enabling Two Factor Authentication (2FA)<\/strong> in Auth0 is already on our roadmap.<\/p>\n\n\n\n

* We are testing the solution provided by some exchanges to limit API calls only from our servers<\/strong>. It means that even if a hacker gets hold of your API keys and secrets, they could be used only from our Waltio servers.<\/p>\n\n\n\n

What should I do to keep my cryptocurrencies safe?<\/h3>\n\n\n\n

But we can\u2019t do that alone; we need your help. Be sure to follow these guidelines as much as possible:<\/p>\n\n\n\n

\u2013 Never interact with cryptocurrency-related sites without the HTTPS protocol (if there is no lock icon to the left of the URL, leave the website).<\/p>\n\n\n\n

\u2013 Use Multifactor authentication in all exchanges (2FA)<\/strong><\/p>\n\n\n\n

\u2013 Bookmark your main trading website and visit it only by clicking this bookmark to avoid phishing websites<\/p>\n\n\n\n

\u2013 Do not use the same password for all exchanges or wallets<\/p>\n\n\n\n

\u2013 Use a different email address for your exchanges than your regular one<\/p>\n\n\n\n

\u2013 Don\u2019t save all your usernames and passwords in a file on your hard drive<\/p>\n\n\n\n

Here are additional tips from Consensys to keep your crypto safe.<\/p>\n\n\n\n

Thanks for reading \ud83d\ude42 If you have any questions, feel free to reach out to us<\/a> or comment.<\/p>\n","protected":false},"excerpt":{"rendered":"

As crypto-owner, it can be a little bit scary to connect your wallet or exchange accounts to a third party, such as a crypto account aggregator. Few Waltio users have shared this concern with us about being hacked or getting their coins stolen! Let\u2019s clarify how Waltio has been developed from scratch to protect your […]<\/p>\n","protected":false},"author":3,"featured_media":1683,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[179],"tags":[],"class_list":["post-681","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.waltio.com\/fr\/wp-json\/wp\/v2\/posts\/681","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.waltio.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.waltio.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.waltio.com\/fr\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.waltio.com\/fr\/wp-json\/wp\/v2\/comments?post=681"}],"version-history":[{"count":5,"href":"https:\/\/www.waltio.com\/fr\/wp-json\/wp\/v2\/posts\/681\/revisions"}],"predecessor-version":[{"id":9642,"href":"https:\/\/www.waltio.com\/fr\/wp-json\/wp\/v2\/posts\/681\/revisions\/9642"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.waltio.com\/fr\/wp-json\/wp\/v2\/media\/1683"}],"wp:attachment":[{"href":"https:\/\/www.waltio.com\/fr\/wp-json\/wp\/v2\/media?parent=681"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.waltio.com\/fr\/wp-json\/wp\/v2\/categories?post=681"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.waltio.com\/fr\/wp-json\/wp\/v2\/tags?post=681"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}