Astral is a web wallet for Stellar. We built Astral because we wanted strong security with the added convenience of not having to store secret keys.

We believe Astral fills a strong need in the cryptocurrency ecosystem; security and efficiency in a user-friendly package. By using Stellar as the currency from which we built Astral, we’re able to capture this trifecta.

Screenshot

Screenshot

What makes Astral different?

Security

  • Data is encrypted with AES-256, and never in flight decrypted
  • Our website traffic runs entirely on SSL
  • Mandatory TOTP-based 2 Factor Authentication for all accounts
  • Passwords are hashed with Argon2, the winner of the 2015 Password Hashing Competition.

Human Customer Support

  • Customers may reach us via an email address
  • Extensive logging and monitoring infrastructure to diagnose issues

Multiple Addresses per Wallet

  • Organize your Wallet with multiple addresses
  • View transaction histories and statuses by address

Federation

  • Support sending to federated addresses by default
  • Receive lumens through you@youremail.com*astralwallet.io

Support of popular Stellar-based Tokens

  • Support of new tokens as they come out, per customer request

Future improvements

  • Mobile and desktop clients
  • Supporting Stellar-based tokens
  • Supporting purchasing Stellar with BTC and USD
  • Improving per user feedback

Please give Astral a try and send feedback to support@astralwallet.io!

Looking good! Since you had no comments, like my project; i thought i would give you props on getting your project submitted into the challenge. I wish you the best of luck ?

a month later

Dev Update

  • Astral now supports its first token: MOBI by Mobius.
    • Trustlines will be automatically established for each account as XLM balance requirements are met
    • As of now, ~80% of accounts have been automatically upgraded, and the rest will update if and when payments flow into them
  • Astral can now add additional tokens at will
    • Comment here or email support at astralwallet.io for new token suggestions

Thanks for your feedback in all the other threads and emails. Keep it coming because we're actively improving Astral.

P.S. Here's a screenshot:

Dev Update

  • Status Page released: http://status.astralwallet.io
    • We realized we needed a better way to communicate with customers if we have internal issues. An example of this was the Horizon bug a few weeks back that prevented the ledger from updating past ledger 14702880, requiring an emergency upgrade.

Here's a screenshot:

Since security is so important, we wanted to be transparent and share how we store secret keys and authentication information. I will note, it is extremely difficult to secure anything, and if you are holding a large amount of cryptocurrency, you should do so on a cold-storage wallet. If it is a particularly massive amount, then generate your wallet inside a Faraday Cage should someone try and Van Eck phreak you.

Looking forward to any thoughts or feedback.

Draft: Astral Security Documentation (PDF)

a month later

Dev Update

  • We now auto-enroll accounts to an external inflation pool! (xlmpool.com, no affiliation)
    • This means that accounts with sufficiently large XLM deposits earn XLM every week
7 days later

Dev Update

  • Password resets are enabled for accounts that have 2FA verified!

@zain

Hi, I did try to register from my phone but I can't scan my own screen QR and can't find the 2FA code either so I abandoned.

  • zain replied to this.

    MisterTicot - Unfortunately the site is not mobile responsive. Please try registering on a desktop. We're actually working on mobile responsiveness now :-). Thanks for your feedback.

      14 days later

      Astral have receiving and sending path payments?

      12 days later

      zain I setup my astral wallet and received some XLM in return recently, thanks. Could you kindly explain how and which xlm pool my coins go towards. Or if easier, point me to a reference on explaining this concept in more detail. I can seem to locate a reliable source on this topic.

      @elfbark sorry for the delayed response! We set the inflation destination to http://xlmpool.com/ 's address. XLM never leaves your account. They collect inflation by pooling votes, since 8 million votes are required to receive inflation. They keep 10%, and pass the other 90% directly to you. Other than setting the inflation destination automatically for your address, Astral plays no other part in this. You may read more about inflation here: https://www.stellar.org/developers/guides/concepts/inflation.html

      @Leki can you please elaborate on your question?

      Dev Update

      • 2FA device resets are enabled
      • 2FA backup codes are implemented, in case your worried you may lose your 2FA device. We strongly recommend all users download and print / save the 2FA backup codes for your account

      To access these features, log in to https://astralwallet.io and visit the settings tab.

      Thanks to everyone suggesting improvements. We have so many more improvements in store for you guys! We will continue to prioritize stability, security and customer support though. For the fastest response, email us at support at astralwallet.io.

      5 days later

      Dev Update

      • Signup flow is mobile responsive
        • One of our major complaints was the difficulty of signing up on a phone
      • Deployed public-facing design updates
        • We'll iron out any issues and then start deploying within the wallet
      • Improved usability of setting up the mandatory 2FA protection
      • Added redundancy to our stellar-core and Horizon cluster to improve stability as more people join

      Again, thanks for the feedback and suggestions for Astral. We will continue to push out updates responsibly, to the best of our ability.

        zain Thanks for the update Zain, really appreciate the regular updates.

        11 days later

        Astral Dev Update

        • Payment confirmations require 2FA codes

          From now on, a valid two-factor authentication code is required to submit a payment. We realize that this is inconvenient, but after weighing the tradeoffs, it is necessary. We apologize for those that find it a nuisance.

          This ensures that a client-side script injection can't submit payments on your behalf when you log in. It also defends your funds if you accidentally stay logged in to Astral and step away from your computer. We already automatically log you off after 30 minutes of inactivity, but this adds an extra layer of protection.

        • Better browser support for logging in

          Many of you complained that our login didn't work in certain browsers. We've pinpointed the issue, and now you should be able to log in from all browsers, even in incognito / private mode!

          We absolutely realize the value of private browsing.

        Thanks everyone for continuing to provide valuable feedback. We love you!

        - The Astral Team
        Astral

        Just a clarification on the prior update: there is no way to turn off 2FA authentication on outgoing payments. We realize it is inconvenient, but its well worth it!

        11 days later

        Dev update

        • Strong passwords are now enforced using Dropbox's open source tool using "low budget password strength estimation"
        • Redundancy with our stellar nodes to help us scale up with growth
        14 days later

        Dev update

        Astral now is fully compatible on mobile!

        Mobile-responsive wallet