Today’s post is going in a bit of a different direction, but discussing with the other maintainers we occaisionally comment how much people don’t realise we’re actually highly professional team, and it occurs I should really push some of this out there. Everyone who has maintainer access to the Dogecoin Core code has been doing this for years. The team brings over 30 years experience in blockchain technology, significantly longer working in software engineering or related disciplines.
The reason I’m talking about this, is while going over the Dogecoin security setup with someone, we realised a lot of other cryptocurrencies don’t take precautions we do, and the responsible thing is to let them know. At this point you’re expecting a hugely complex system I know, but don’t worry, starting simple today.
Back in March two decentralised finance projects had their websites replaced, by an attacker replacing their DNS. We don’t know exactly how this occurred, but I can talk about the steps Dogecoin uses to prevent a similar attack. Virtually all of this is public information BTW, I’m not revealing any secrets here, just highlighting it:
- Registration and DNS hosting is with Amazon Route 53. They’re a bit pricier than other options, but I feel it’s reflected in their expertise.
- We use accounts with limited access for most of actions on the domain, so if one of those accounts is compromised it has limited impact.
- We use two factor authentication.
- We enable DNSSec in Route 53, which protects against someone spoofing DNS records.
- As we use Route 53 for DNSSec, the private key used to sign the records is held in Amazon KMS, again providing another layer of defence that even if someone got into our AWS account, they couldn’t get to the key.
It ends up costing about $10 a month, rather than maybe $10 a year for the cheap options, but it helps keep everyone safe.