A note on Privy security
Henri Stern
|Oct 3, 2023
TL;DR
Building secure self-custodial experiences on the web is our core mission. Since Privy launched in January our work on security has been a core part of building better UX for web3 experiences. We have been working to set strong standards and enable users to upgrade their system to match their needs.
Over the past few days, we've seen an uptick in users reporting issues around social engineering and their embedded wallets - most notably (mobile phone) SIM swapping, phishing-related key exports - as well as loss of authentication methods.
Privy’s core infrastructure and architectural models are secure and operating as intended.
Out of the box we enable developers to change the authentication methods they support and add passwords to device recovery. Nonetheless, it is our responsibility to help developers set proper defaults.
Our work here continues. In the next few weeks, we'll be shipping transaction MFAs and alternate recovery methods.
We take user security seriously and are here to help if you run into any issues. Please reach out to [email protected].
What we’re seeing in the market
Over the past few days, we’ve seen several reports of unauthorized access to embedded wallets. We investigate every such report to both ensure the underlying issue is understood and properly addressed at a systems level and to help users with asset recovery when we are able. Most of these incidents have boiled down to SIM swapping, compromise of exported private keys, or users losing access to their login credentials (e.g. using a temporary phone number). To date, none of the incidents reported to us have been borne out of a vulnerability in Privy's underlying architecture or infrastructure. Should that occur, we’ll proactively raise these issues with the community in a responsible way.
What we’re doing about it
We take issues like these extremely seriously here at Privy. Privy has undergone multiple audits, both whitebox and blackbox pentests, as well as cryptographic audits and we look at all parts of the threat landscape as we build our product.
Balancing security and usability in self-custodial systems is central to our mission. Over the last few weeks, we’ve
updated opt-in recovery passwords so users can individually turn on an additional layer of security for their accounts,
upgraded our OTP challenge format,
blocked hundreds of thousands of fraudulent requests,
tuned invisible captchas for endpoints,
and much more.
This is just a sliver of our work. Defense in depth means continual work on this front. In the coming weeks we’ll be rolling out MFA for transactions as well as additional methods for wallet recovery and continuing to work on the defaults we push out to developers.
Enabling strong defaults that correspond to our users’ threat models is our responsibility as an infrastructure provide. This means giving each and every user the ability to balance usability and account security with easy-to-use options and good defaults; as well as encouraging developers to build these into their apps.
Reflections on Trusting Trust
Every system deserves to have its operating model and assumptions questioned and any serious security conversation must begin with a well-defined threat model.
Since we started, we’ve sought out and grown from conversations with serious builders asking deep questions about tradeoffs. These conversations are essential to building our product and moving standards in the space forward. If you’re thinking about these topics we’d love to talk with you.
The bottom line
Our top priority is to our customers and their users. We proudly stand with our customers and will continue to ship so they can build better self-custodial products and make the right decisions on behalf of their users.
Please reach out to us at [email protected] if you have any questions or run into any issues—we’re listening.
