
Security One Pager


Last updated 2 months ago

Kinto is the safety-first L2, built on the Arbitrum Nitro stack (first of its class), that features user-owned KYC/KYB, AML, fraud detection and KYT, enforced at the node level. These features are seamlessly integrated with your smart account (multisig by default), powered by account abstraction, making Kinto not only the safest L2 but also the most usable.

🔒 Security before joining KINTO

Kinto's onboarding starts with the user selecting a KYC/KYB provider (at launch we feature Synaps and Plaid). These providers have been selected for their past security history, GDPR compliance and strict PII handling. The KYC/KYB processes always include a biometric liveness check and document fraud/manipulation detection. It is worth mentioning that no PII is stored on Kinto servers or on the chain itself. All individuals/corporations are also checked for AML, fraud, PEP and OFAC list hits.

Upon approval, first-level users have a Turnkey passkey-based (non-custodial) EOA signer generated for them and are minted a soulbound NFT, the KintoID. Finally, the wallet smart contract is deployed and the user can set additional signers and a custom signing policy. Every signer added to any Kinto Wallet is also analyzed via Chainalysis. The Chainalysis KYT service provides good insight into the source of funds (Tornado Cash) and into interactions in previous scams, frauds or illegal activities. Once an individual/corporation has passed all these checks, they are allowed to interact with the network.

🔒 Security while on KINTO

All transactions to the network need to be initiated by a Kinto Wallet with a valid KintoID; our set of smart contracts, together with the node-level whitelisting of the account abstraction EntryPoint, achieves this. We have modified the Arbitrum Nitro stack with the help of the Arbitrum team, and these changes (alongside all of our smart contracts) are audited by three external teams: Pessimistic, MixBytes and Certora. More information about security, the audits and our processes can be found in our GitHub security repository.

All of the KYC/KYB and Chainalysis integrations offer continued monitoring for all of the checks mentioned above. KintoIDs become invalid upon receipt of any flag from these systems. Additionally, KintoIDs also become invalid if not positively monitored by our systems. Protocols can install a firewall that verifies every transaction before it happens using IronBlocks.

The Kinto chain integrates Hypernative protections that constantly monitor (statically and dynamically) for hacks/rugs/scams at the smart contract level, analyzing both the contracts themselves and the behavior of transactions for potential bad actors.

🔒 Security when leaving KINTO

If none of the previously mentioned systems has been able to stop an attack against the network or its users, our security council is able to intervene and reveal the information of the attackers to the KYC/KYB providers and in turn to the authorities. In extreme cases, the security council can stop the bridge itself before the 7-day finality limit.

🔒 The KINTO team and best practices

Members receive security training and abide by industry best practices covering passwords/passkeys, MFA, hardware-based security, VPNs and threats both digital and physical. Team access is limited and audited. All API keys and secrets are managed via enclaves/secret managers/vaults and rotated often based on criticality.

For more information, please contact security@kinto.xyz
