Security Information
Your security is our top priority. Learn how we protect your digital assets
Security Overview
EtherDelta Wallet is designed with security as the foundation. Your private keys never leave your device, and all wallet data is encrypted with AES-256-GCM, as described under Encryption Standards below. We do not have access to your funds, passwords, or private keys at any time. Security is not just a feature of EtherDelta Wallet, it is the core principle that guides every design decision we make. From the cryptographic algorithms we employ to the architecture of our software, every component has been carefully evaluated and implemented with security as the primary consideration.
This page provides detailed information about our security measures, best practices for keeping your wallet safe, and what you can do to protect your cryptocurrency assets. Understanding these security concepts is essential for anyone managing cryptocurrency. While EtherDelta Wallet provides robust security features, the ultimate security of your funds depends on how you use the software and how well you protect your private keys and passwords. We encourage you to read this entire page carefully and implement all recommended security practices.
The cryptocurrency ecosystem has seen numerous security incidents over the years, from exchange hacks to individual wallet compromises. By understanding the security landscape and implementing proper safeguards, you can significantly reduce your risk exposure. Remember that cryptocurrency transactions are irreversible, so once funds are lost or stolen, they cannot be recovered. Prevention through proper security practices is your only defense.
Encryption Standards
AES-256-GCM Encryption
EtherDelta Wallet uses AES-256-GCM (Advanced Encryption Standard with 256-bit keys in Galois/Counter Mode) to encrypt your wallet files. This is the same encryption standard used by governments and financial institutions worldwide to protect classified and sensitive information. The Advanced Encryption Standard was selected by the U.S. National Institute of Standards and Technology (NIST) in 2001 after a rigorous five-year evaluation process involving the world's leading cryptographers. It has since become the global standard for symmetric encryption.
AES-256 provides an extremely high level of security. With current technology, it would take billions of years to crack AES-256 encryption through brute force attacks. To put this in perspective, the number of possible AES-256 keys is approximately 1.1 x 10^77, which is larger than the number of atoms in the known universe. Even with all of the world's computing power combined, it would be impossible to break AES-256 encryption within a reasonable timeframe. The GCM mode provides authenticated encryption, ensuring both confidentiality and integrity of your data. This means that not only is your data encrypted and unreadable without the correct key, but any tampering with the encrypted data will be detected and rejected.
The GCM (Galois/Counter Mode) operation mode we use is specifically designed to provide both encryption and authentication efficiently. Unlike older encryption modes that only provide confidentiality, GCM ensures that encrypted data cannot be modified without detection. This protects against sophisticated attacks where an attacker might try to manipulate encrypted wallet files to trick the software into revealing information or performing unintended operations.
Password-Based Key Derivation
Your wallet password is never stored directly. Instead, we use PBKDF2 (Password-Based Key Derivation Function 2) with SHA-256 and over 100,000 iterations to derive encryption keys from your password. PBKDF2 is a key derivation function specifically designed to be computationally intensive, making password cracking attempts expensive and time-consuming for attackers. The function takes your password and applies a cryptographic hash function repeatedly, with each iteration building upon the previous one.
This makes it extremely difficult for attackers to guess your password, even if they obtain your encrypted wallet file. Each additional iteration exponentially increases the time required for brute force attacks. With 100,000 iterations, deriving a key takes a fraction of a second on a normal computer, which is acceptable for legitimate users who need to decrypt their wallet. However, for an attacker trying billions of password combinations, this delay becomes a significant obstacle. An attack that might take days without PBKDF2 could take years or decades with proper key derivation.
The iteration count we use (100,000) has been carefully selected to provide strong security while maintaining usability. As computer processing power increases over time, we may increase this iteration count in future versions to maintain the same level of security. The SHA-256 cryptographic hash function used in the process is widely recognized as secure and has been extensively analyzed by the cryptographic community for over two decades.
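The two mechanisms described above (PBKDF2-HMAC-SHA256 key derivation and AES-256-GCM authenticated encryption) fit together as shown in this added example. It is not EtherDelta Wallet's own code. The container layout (salt, IV, tag, ciphertext), the salt length and the function names are assumptions made for illustration; only the algorithm choices and the 100,000 iteration count come from this page.

```javascript
const nodeCrypto = require('crypto');
const ITERATIONS = 100000; // iteration count stated on this page
const SALT_LEN = 16;       // assumption: random 128-bit salt per wallet file
const IV_LEN = 12;         // 96-bit IV, the standard size for GCM
const TAG_LEN = 16;        // 128-bit authentication tag
const HDR = SALT_LEN + IV_LEN + TAG_LEN;

// PBKDF2-HMAC-SHA256: password + salt -> 256-bit AES key.
function deriveKey(password, salt) {
  return nodeCrypto.pbkdf2Sync(password, salt, ITERATIONS, 32, 'sha256');
}

// Assumed container layout: salt || iv || tag || ciphertext.
function encryptWallet(password, plaintext) {
  const salt = nodeCrypto.randomBytes(SALT_LEN); // OS CSPRNG
  const iv = nodeCrypto.randomBytes(IV_LEN);     // fresh IV for every encryption
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), ct]);
}

// Returns the plaintext, or null when the GCM tag does not verify.
// A wrong password and a modified file fail the same way.
function decryptWallet(password, blob) {
  if (blob.length < HDR) return null; // too short to hold salt, IV and tag
  const salt = blob.subarray(0, SALT_LEN);
  const iv = blob.subarray(SALT_LEN, SALT_LEN + IV_LEN);
  const key = deriveKey(password, salt);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv, { authTagLength: TAG_LEN });
  decipher.setAuthTag(blob.subarray(SALT_LEN + IV_LEN, HDR));
  try {
    return Buffer.concat([decipher.update(blob.subarray(HDR)), decipher.final()]);
  } catch (err) {
    return null; // authentication failed: release no plaintext
  }
}

// Constructed sample data, not a real key.
function demo() {
  const pw = 'correct horse battery staple';
  const secret = Buffer.from('constructed-sample-private-key-bytes');
  const blob = encryptWallet(pw, secret);
  const flipped = Buffer.from(blob);
  flipped[flipped.length - 1] ^= 0x01; // one-bit change in the ciphertext
  return {
    roundTrip: decryptWallet(pw, blob).equals(secret),
    wrongPassword: decryptWallet('not the password', blob),
    tampered: decryptWallet(pw, flipped),
  };
}
```

Because the salt feeds the key derivation, altering the salt, IV, tag or ciphertext all end in the same authentication failure, so the caller cannot tell a bad password from a modified file.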
Secure Random Number Generation
All cryptographic operations, including private key generation, use cryptographically secure random number generators provided by your operating system. This ensures that your private keys are truly random and cannot be predicted or reproduced.
Local Storage and Privacy
No Cloud Storage
Your wallet files are stored exclusively on your local device. We do not upload, sync, or transmit your wallet data to any cloud service or remote server. This eliminates the risk of your wallet being compromised through cloud storage breaches.
Your private keys exist only on your device, encrypted with your password. Even if someone gains physical access to your computer, they would need your password to decrypt and access your wallet.
No Telemetry or Analytics
EtherDelta Wallet does not collect any usage data, analytics, or telemetry. We do not track your transactions, wallet balances, or how you use the application. Your financial privacy is completely protected.
The only network communication occurs when connecting to Ethereum nodes to broadcast transactions and check balances. These connections are made directly from your device to the blockchain network.
Open Source Transparency
EtherDelta Wallet is open source software. Our entire codebase is available for public review on GitHub. Security researchers, developers, and users can audit the code to verify that we implement security correctly and do not include any malicious functionality.
We encourage responsible disclosure of security vulnerabilities and work with security researchers to address any issues promptly.
Best Security Practices
1. Use a Strong Password
Create a password with at least 12 characters, including uppercase and lowercase letters, numbers, and special symbols. Avoid using common words, personal information, or passwords you use elsewhere.
2. Backup Your Wallet Regularly
Create encrypted backups of your wallet and store them in multiple secure locations. Keep at least one backup on external storage that is disconnected from the internet (cold storage).
3. Keep Your Private Key Offline
Write down your private key on paper and store it in a secure physical location, such as a safe or safety deposit box. Never store your private key in digital form on any internet-connected device.
4. Verify Software Integrity
Always download EtherDelta Wallet from our official website. Verify the SHA-256 checksum of downloaded files to ensure they have not been tampered with. Never download wallet software from third-party sources.
5. Keep Your System Secure
Use reputable antivirus software, keep your operating system updated with security patches, and avoid installing software from untrusted sources. Consider using a dedicated computer for cryptocurrency management.
6. Be Aware of Phishing Attacks
Never share your private key, password, or recovery phrase with anyone. Be cautious of emails, messages, or websites claiming to be from EtherDelta Wallet asking for your credentials. We will never ask for your private key or password.
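The checksum comparison from practice 4 (Verify Software Integrity), as an added example that is not part of EtherDelta Wallet. The file name and contents are constructed stand-ins for a downloaded installer, and the function names are hypothetical; the expected digest is the standard SHA-256 test vector for the bytes "abc".

```javascript
const nodeCrypto = require('crypto');
const fs = require('fs');
const os = require('os');
const path = require('path');

// Hash the file in 64 KiB chunks so large installers are not loaded into memory.
function sha256File(filePath) {
  const hash = nodeCrypto.createHash('sha256');
  const fd = fs.openSync(filePath, 'r');
  const buf = Buffer.alloc(64 * 1024);
  try {
    let n;
    while ((n = fs.readSync(fd, buf, 0, buf.length, null)) > 0) {
      hash.update(buf.subarray(0, n));
    }
  } finally {
    fs.closeSync(fd);
  }
  return hash.digest();
}

// True only if publishedHex is a well-formed SHA-256 digest that matches the file.
function verifyDownload(filePath, publishedHex) {
  const cleaned = String(publishedHex).trim().toLowerCase();
  if (!/^[0-9a-f]{64}$/.test(cleaned)) return false; // truncated or malformed digest
  return sha256File(filePath).equals(Buffer.from(cleaned, 'hex'));
}

// Constructed sample: a 3-byte "installer" and a modified copy of it.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'dl-'));
  const good = path.join(dir, 'installer.bin');
  const bad = path.join(dir, 'installer-modified.bin');
  fs.writeFileSync(good, 'abc');
  fs.writeFileSync(bad, 'abd');
  const published = 'BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD';
  const result = {
    genuine: verifyDownload(good, published),
    modified: verifyDownload(bad, published),
    truncatedDigest: verifyDownload(good, published.slice(0, 32)),
  };
  fs.rmSync(dir, { recursive: true, force: true });
  return result;
}
```

A checksum fetched from the same server as the download detects corruption in transit but not a compromised server, so obtain the published value over a separate trusted channel where one is available.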
Transaction Security
Transaction Signing
All transactions are signed locally on your device using your private key. The private key never leaves your device during the signing process. Only the signed transaction is broadcast to the Ethereum network.
Each transaction includes a nonce (transaction counter) to prevent replay attacks and ensure that transactions are processed in the correct order.
Address Verification
Always double-check recipient addresses before sending transactions. Cryptocurrency transactions are irreversible once confirmed on the blockchain. We recommend sending a small test transaction first when sending to a new address.
EtherDelta Wallet displays transaction details for review before signing. Take time to verify all information, including recipient address, amount, and gas fees.
Gas Price Protection
The wallet provides current network gas price recommendations to help you avoid overpaying for transactions. You can adjust gas prices based on how quickly you need the transaction confirmed.
Security Audits
Third-Party Security Audits
EtherDelta Wallet undergoes regular security audits conducted by independent third-party security firms. These audits examine our code for vulnerabilities, cryptographic implementation issues, and potential security risks.
Audit reports are made available to the public, demonstrating our commitment to transparency and security. Any issues identified during audits are addressed promptly and included in subsequent releases.
Bug Bounty Program
We maintain a bug bounty program that rewards security researchers who responsibly disclose vulnerabilities in EtherDelta Wallet. This program incentivizes the security community to help us identify and fix potential issues before they can be exploited.
If you discover a security vulnerability, please report it to our security team at security@etherdelta-wallet.com. We request that you do not publicly disclose the vulnerability until we have had time to address it.
Continuous Security Monitoring
Our development team continuously monitors security advisories, vulnerability databases, and security research related to cryptocurrency wallets and the technologies we use.
We promptly release security updates when vulnerabilities are discovered in any of the libraries or components used by EtherDelta Wallet.
What EtherDelta Wallet Cannot Do
It is important to understand the limitations of our security measures. While we implement the highest security standards, there are things that EtherDelta Wallet cannot protect against:
- We cannot recover your wallet if you lose your password and do not have a backup of your private key
- We cannot prevent loss of funds if your private key is stolen or exposed
- We cannot reverse transactions once they are confirmed on the blockchain
- We cannot protect your funds if you send them to an incorrect address
- We cannot prevent malware on your computer from stealing your password or private key
- We cannot protect you from phishing attacks or social engineering
Your security depends on both our implementation and your personal security practices. Please take wallet security seriously and follow all recommended best practices.