ecrop offers its clients an optional Ethereum (ETH) staking service. This service allows clients to delegate their ETH holdings for transaction validation on the Ethereum network and earn staking rewards in return. Participation in the staking service is voluntary and subject to a separate supplementary agreement. The technical architecture of the staking service is designed for security, efficiency, and compliance:
  • Validators: ecrop operates its Ethereum staking validators independently and does not rely on external service providers. Validators run on dedicated, high-availability servers located in secure data centers and are protected by firewalls, intrusion detection systems, and other robust security measures. These validators undergo regular maintenance and updates to ensure the ongoing security and stability of the system.
  • Signer Wallets (AWS KMS): Signer wallets, used for transaction signing, are encrypted and stored securely within the AWS Key Management Service (KMS). Access to these wallets is strictly governed by IAM roles and policies.
  • Monitoring: Validator performance and staking rewards are subject to continuous monitoring. ecrop employs a comprehensive monitoring system to ensure the stability and efficiency of the staking service and to provide early detection of slashing events.
  • Smart Contracts: Staking functionality is implemented using smart contracts deployed on the Ethereum blockchain. These smart contracts are immutable, guaranteeing the transparent and secure distribution of staking rewards.
The individual components of the staking service perform specific functions:
  • Validators: Validators are responsible for validating transactions and creating new blocks on the Ethereum network. They are a crucial element of the Proof-of-Stake consensus mechanism, contributing significantly to the network’s security and stability.
  • Signer Wallets (AWS KMS): Signer wallets are dedicated to signing transactions. They are encrypted and stored securely in AWS KMS, protected against unauthorized access. Signer wallets are kept separate from owner wallets to minimize the risk of compromise.
  • Smart Contracts: Smart contracts govern the distribution of staking rewards and define the terms of participation in the staking service. Their immutability ensures transparent and secure staking operations.
  • Monitoring System: The monitoring system provides real-time oversight of validator performance and staking rewards. It generates alerts for critical events, facilitating a swift response to any disruptions.

Security of Staking Assets

Security of staked assets is paramount. ecrop utilizes a multi-layered security architecture to provide comprehensive protection:
  • Secure Key Generation: Keys are generated in HSMs using cryptographically secure random number generators (CSPRNGs). This process is performed offline, and the generated keys never leave the HSMs unencrypted.
  • Stringent Access Controls: Access to validators and signer wallets is protected by stringent access controls, including role-based access controls (RBAC) and multi-factor authentication (MFA).
  • Encryption: All data is encrypted both in transit and at rest. TLS 1.3 is used for data in transit, and AES-256 encryption is employed for data at rest. Keys are securely managed within HSMs.
  • Regular Security Reviews: ecrop performs regular security reviews, including penetration testing, security audits, and vulnerability scans, to identify and address potential weaknesses.
  • Incident Response Plan: A comprehensive Incident Response Plan is in place to address security incidents effectively. This plan encompasses incident identification, root cause analysis, implementation of countermeasures, and communication with relevant stakeholders.

Operational Processes: Efficient and Secure Execution

The operational processes of the staking service are optimized for efficiency and security:
  • Staking Activation: Staking activation is a user-friendly process on the ecrop platform. Clients select the desired amount of ETH to stake and confirm the transaction. ecrop manages the delegation of ETH to the validators.
  • Validator Management: ecrop continuously monitors validator performance to maintain the stability and efficiency of the staking service. Automated alerts are triggered for any detected anomalies.
  • Rewards Distribution: Staking rewards are automatically distributed to clients in a transparent and auditable manner via smart contracts.
  • Unstaking Process: The unstaking process is user-friendly and managed on the ecrop platform. Staked ETH is returned to the client’s wallet upon completion of the unstaking period.

Risk Management: Comprehensive Risk Assessment

Risk management is an integral part of the staking service and is fully integrated into ecrop GmbH’s overall risk management framework. It includes the identification, assessment, mitigation, and monitoring of all relevant risks associated with the staking service. Key risks include:
  • Slashing Risk: The risk of validator penalties due to misbehavior (e.g., downtime, double-signing), resulting in a loss of ETH.
  • Performance Risk: The risk of fluctuating staking rewards due to network conditions or validator performance variability.
  • Liquidity Risk: The risk of limited access to staked ETH during the staking period.
  • Smart Contract Risk: The risk of vulnerabilities within the smart contracts governing the staking process.
  • Network Risk: The risk of disruptions or outages within the Ethereum network.
  • Compliance Risk: The risk of non-compliance with regulatory requirements related to staking activities.
ecrop has implemented comprehensive measures to mitigate these risks and safeguard client assets.

Interfaces and Integration: Seamless Interaction

The crypto custody solution is integrated with the ecrop platform via a secure REST API, enabling secure and efficient data exchange with other systems. The API is documented, versioned, and utilizes JSON as its data exchange format.
  • Endpoints: Comprehensive API documentation details all API endpoints, including function descriptions, parameters, data types, and expected return values.
  • Authentication: The API employs JWT-based authentication and authorization via API keys. Detailed documentation of the authentication process is provided.

Compliance Features: Adherence to Regulatory Requirements

The ecrop platform incorporates various compliance features to ensure adherence to all applicable regulatory requirements:
  • Monitoring: Continuous system monitoring of all wallets and transactions is performed to detect suspicious activity, triggering automated alerts for critical events.
  • Reporting: Automated report generation for clients and regulatory authorities is supported, with flexible customization options to meet individual requirements.
  • Controls: Integrated control mechanisms are in place to ensure compliance with regulatory requirements, including adherence to KYC/AML regulations and transaction data validation.

Continuous Improvement and Maintenance: Security and Innovation

ecrop is dedicated to the continuous improvement and maintenance of its crypto custody solution. Changes are implemented and documented following a defined change management process. Regular security reviews and penetration testing are conducted to ensure ongoing system security.