Please ensure the following security suggestions are followed during the configuration process to maximize the safety and integrity of your organization’s operations.
To request a more comprehensive security assessment of your organization’s configuration, please contact our customer support team.
You can effortlessly create and edit both on-chain and off-chain transaction policies, and automate how each transaction will be handled by setting up an approval action.
On-chain transaction policies are governed by smart contracts on the blockchain networks, and only apply to Smart Contract Wallets. Off-chain transaction policies, on the other hand, are managed by the backend system of Cobo Portal and apply to all wallet types.
It is recommended to strictly configure transaction policies, especially for large withdrawal scenarios. Particular attention should be given to token transfer policies in off-chain transaction policies to avoid high-risk situations, such as:
having no transaction policies
having transactions that are not covered by a transaction policy
automatically approving all transactions
allowing the same role to both withdraw and approve transactions
Governance policies determine the approval rules under which an operation will be approved or rejected. The following list includes crucial operations in Cobo Portal, and it is recommended to configure two or more Admins for their approval.
To enhance security and reduce the risk of account compromise, it is strongly recommended that all Admins enable at least two authentication methods, with Cobo Guard as one of them. Recommended combinations include:
Cobo Guard and Google Authenticator (GA)
Cobo Guard and security key
Install GA on a different device than Cobo Guard to prevent loss of access if one device is lost.
With MPC technology, private key shares are individually generated within separate secure environments, encrypted, and divided amongst multiple parties. A set of key share holders is referred to as a holder group.
To ensure the safety and recoverability of your assets, create at least one Signing Group and one Recovery Group in addition to the Main Group.
For Main and Recovery Groups, choose high-ranking executives in your organization as key share holders, preferably with Viewer roles to minimize their involvement in daily operations. For Signing Groups, key share holders can be selected from various organizational levels based on operational needs and security considerations.
The same private key share holder (the same TSS Node ID) should not belong to different types of key share holder groups simultaneously, such as both the Main Group and the Signing Group. If this situation occurs, please ensure that there is more than one Signing Group.
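The holder group recommendations above can be checked mechanically before a layout is put into use. The following is an added example, not Cobo's code: the layout shape (a list of dicts with `name`, `type` and `nodes`) and the node IDs are constructed for illustration and are not a Cobo Portal export format.

```python
from collections import defaultdict

# Constructed sample layout; the dict shape and node IDs are assumptions,
# not an export format of Cobo Portal.
SAMPLE_GROUPS = [
    {"name": "main", "type": "Main", "nodes": ["node-A", "node-B", "node-C"]},
    {"name": "ops-signing", "type": "Signing", "nodes": ["node-A", "node-D", "node-E"]},
]


def audit_holder_groups(groups):
    """Return a list of findings for a key share holder group layout."""
    findings = []
    types_present = {g["type"] for g in groups}
    signing_count = sum(1 for g in groups if g["type"] == "Signing")

    # Rule 1: a Main Group plus at least one Signing and one Recovery Group.
    for required in ("Main", "Signing", "Recovery"):
        if required not in types_present:
            findings.append(f"missing {required} Group")

    # Rule 2: map each TSS Node ID to the group types it appears in.
    node_types = defaultdict(set)
    for g in groups:
        for node in g["nodes"]:
            node_types[node].add(g["type"])

    for node, types in sorted(node_types.items()):
        if len(types) > 1:
            overlap = "/".join(sorted(types))
            if signing_count > 1:
                # Overlap exists, but the page's condition is satisfied.
                findings.append(
                    f"note: {node} is in {overlap}; more than one Signing Group exists"
                )
            else:
                findings.append(
                    f"{node} is in {overlap}; Signing Group count is {signing_count}"
                )
    return findings


if __name__ == "__main__":
    for finding in audit_holder_groups(SAMPLE_GROUPS):
        print(finding)
```

An empty result means the layout meets both recommendations; entries prefixed with `note:` record an overlap that is offset by having more than one Signing Group.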
After you have successfully generated a key share, you can back it up to ensure its safety and recoverability. Securely store the recovery phrase and encrypted database password for key share backup. If lost, you will need to recover the key shares using the Recovery Group, if one has been set up. For more details, see Mobile signer backup key share instructions and Server signer backup key share instructions.