Tips for Securing your Salt Organisation

Always practice self-sovereign security! Salt is a facilitating tool—not a recovery service.

  1. Secure Your Wallets and Robo Guardian Infrastructure: Ensure the security of the personal browser wallet(s) that belong to you and/or any bots you’ve allowed access. Secure your organisation’s Robo Guardian infrastructure and regularly review it. Always use strong passwords and multi-factor authentication where possible.
  2. Review Policy Configurations: Misconfigurations in operational and agent-managed accounts may create vulnerabilities. Regularly audit and verify access settings.
  3. Research and Understand Third-party Services: If your organisation is interacting with third-party service providers through Salt, it is your responsibility to research and thoroughly vet the third-party service, its fees and its terms. Any relationship with a third-party service provider is between your organisation and the third-party provider. In particular, Salt does not have any oversight over the services you receive from your activities with third-party services provided outside of the Salt app.

❌ Salt Cannot Recover Lost or Compromised Assets – Salt has no fallback mechanism for lost access credentials. If your wallet, signing device, or cryptographic keys are compromised, your assets may be permanently inaccessible.

What if Salt goes dark?

If the Salt platform is compromised, whether due to technical failures or censorship, all users of Salt will be able to move their funds to different wallets permissionlessly, using the Fund Removal App. Salt (as a platform or organisation) is unable to freeze funds.

How to move funds if the Salt platform fails

Salt will provide a downloadable desktop app that uses your key material to move your funds from Salt accounts to any digital asset address of the Owner’s choosing. It is offered to ensure owners cannot be frozen out of their funds should Salt go dark.

This desktop application will allow Owners to bypass all Policies in order to move funds to a non-Salt account. It is not for day-to-day usage. This desktop application is completely independent of Salt. The app will operate on a local computer independent from the Salt platform.

The organisation Owner will be able to transfer their assets from a Salt account to any valid digital asset address on the same network as the funds to be moved.

The Owner will need access to their EOA alongside the encrypted seed phrase used to derive the EOAs used by the Robo Guardian container.

What if the cryptographic protocol goes dark?

Users only require access to the SDK and the deployed smart contracts in order to continue using INTU, the cryptographic MPC protocol underlying Salt.

Visit the INTU documentation for a detailed list of their software dependencies and what they’re used for. In brief, this includes: