Security designed from the ground up
VLTStake follows a zero-trust, multi-layer security model built to protect your assets at every level.
Core Principles
Security principles, not promises
Zero Private Key Transmission
Your private keys are derived and used exclusively on your device. They are never sent to or processed by VLTStake servers under any circumstance.
Client-Side Cryptography
BIP39/BIP44 key derivation, transaction signing, and seed phrase encryption all occur in your browser or native app — never on our servers.
AES-256 Seed Encryption
If you opt to store an encrypted seed reference client-side, it is protected with AES-256 encryption before any local persistence.
Signature-Based Auth
Authentication uses cryptographic signatures rather than passwords stored server-side. No plaintext secrets exist on our infrastructure.
Transport Security
All communication between your device and VLTStake servers uses TLS 1.3. HSTS is enforced with a long-duration policy to prevent downgrade attacks.
Transparent Operations
Platform operations and key transactions are verifiable. We publish security policies and maintain an open disclosure process for incidents.
Infrastructure
Platform infrastructure security
Server-Side Architecture
VLTStake's backend infrastructure is hosted on SOC 2 compliant cloud providers. All servers operate with minimal required permissions following the principle of least privilege.
Database Encryption
All user data stored in our databases is encrypted at rest using AES-256. Database access is restricted to authenticated service accounts with audit logging enabled.
API Security
API endpoints are protected with rate limiting, request authentication, and input validation. Sensitive endpoints require active session tokens signed with rotating secrets.
DDoS Protection
Network-layer DDoS protection is active across all Platform endpoints. Traffic anomaly detection monitors for unusual request patterns.
Authentication
Multi-layer access security
Email + OTP Verification
Account creation and sensitive operations require email-delivered OTP codes. Codes expire within 5 minutes and cannot be reused.
Session Token Authentication
Authenticated sessions use short-lived signed tokens. Sessions expire automatically and are invalidated on logout or detected anomalies.
Two-Factor Authentication (2FA)
TOTP-based 2FA (compatible with Google Authenticator, Authy, and other TOTP apps) is available for all accounts. We strongly recommend enabling 2FA.
Seed Phrase Confirmation
Sensitive wallet operations require confirmation of your seed phrase or cryptographic signature — operations that only the key holder can complete.
Transparency
Smart contract & ledger assumptions
VLTStake leverages native secure custodial infrastructure with AES-256 encryption and multi-layer authentication. All blockchain-based systems carry inherent risks we disclose transparently:
VLTStake protocol logic depends on the continued correct operation of supported blockchain networks.
Network forks, validator set changes, or protocol-level upgrades could affect Platform behavior.
Third-party wallet software and browser extensions have their own security properties outside our control.
On-chain data is permanently public — all ledger transactions are visible to anyone.
Protocol reward rates are determined by ledger state and are subject to change based on network conditions.
Security best practices
Recommendations for protecting your wallet and assets.
Store your seed phrase offline
Write it on paper and store it in a secure physical location. Never store it digitally in plain text.
Enable 2FA immediately
Enable TOTP two-factor authentication as soon as you create your account.
Never share your seed phrase
VLTStake will never ask for your seed phrase. Anyone who does is attempting fraud.
Verify URLs carefully
Always access VLTStake at vltstake.com. Bookmark the URL to avoid phishing sites.
Keep devices updated
Keep your operating system and browser updated to protect against known vulnerabilities.
Test with small amounts first
When trying new protocol features, test with small amounts before committing larger positions.
Have a security concern?
If you believe you've found a security vulnerability in VLTStake, please report it responsibly through our Help Center.