EternaVault

A cryptographically enforced vault that prevents impersonation and inheritance scams using client-side encryption and on-chain verification.

Comment

Inspiration

Online scams don’t just happen through fake links — they happen through impersonation, emotional manipulation, and identity fraud, especially during sensitive moments like emergencies, legal handovers, or inheritance.
We noticed that most systems rely on passwords, emails, screenshots, or human judgment — all of which can be socially engineered.

EternaVault was inspired by a simple question:

What if scams weren’t just detected — but made structurally impossible?

We wanted to design a system where even if a scammer convinces a human, the system itself cannot be tricked.

What it does

EternaVault is a scam-proof digital vault that protects sensitive data from impersonation, inheritance scams, and identity-based fraud.

It:

  • Encrypts all files client-side so no server can read them
  • Enforces who can access data and when using immutable on-chain rules
  • Requires validator-approved verification for critical events
  • Blocks fake heirs, impersonators, and forged claims by design
  • Provides a fully auditable, tamper-proof access trail

If someone isn’t cryptographically authorized, access is impossible — no matter how convincing the scam attempt is.

How we built it

  • Frontend: React + Vite + Tailwind
  • Backend: Node.js + Express
  • Security: Client-side AES-GCM encryption (no plaintext ever leaves the browser)
  • Storage: Supabase (encrypted blobs only)
  • Blockchain: Solidity smart contract enforcing access logic
  • Identity: Wallet-based, signature-verified roles (Owner, Heir, Validator)
  • AI (optional): Generates summaries only after successful decryption

The architecture follows a strict zero-trust model:
Client encrypts → backend stores ciphertext → smart contract governs → client decrypts.

Challenges we ran into

  • Designing a system that prevents scams without relying on human judgment
  • Ensuring the backend never touches plaintext or encryption keys
  • Balancing strong cryptography with a usable, demo-friendly UX
  • Making on-chain access control understandable to non-blockchain users
  • Clearly communicating system limitations without overpromising security

Accomplishments that we're proud of

  • Built a fully working end-to-end prototype, not a mock
  • Enforced scam resistance at the architecture level, not via warnings
  • Achieved zero plaintext exposure across frontend, backend, and storage
  • Implemented real identity-based access control instead of passwords
  • Delivered a solution that is auditable, verifiable, and scam-resilient

What we learned

  • Most scams succeed because systems trust humans too much
  • Cryptography + clear role separation can eliminate entire scam classes
  • “Security by design” is far more powerful than scam detection after the fact
  • Simpler flows communicate trust better than complex explanations
  • Honest limitations increase credibility more than exaggerated claims

What’s next for EternaVault

  • Multi-validator quorum to further reduce false or malicious attestations
  • Scam simulation & training mode for user education
  • Accessibility-focused UX for non-technical and vulnerable users
  • Zero-knowledge identity proofs for stronger privacy
  • Expanded use cases like secure document escrow and identity-controlled data release

Built With

Share this project:

Updates