How To Create My AWS  ‘Access Key ID’ and ‘Secret Access Key’

In order to establish a connection between your validator and BloxStaking, we need to generate unique access keys. Those keys are yours, and yours alone.

We broke down the process and made it as simple as possible. This is how you do it:



  1. Go to your AWS account
  2. In the search bar, type ‘IAM’
  3. Click on ‘Users’
  4. Click on ‘Add User’ in order to create a new user
  5. Choose a ‘ username’

We suggest choosing a name that will be easy to remember.



  1. Make sure to enable the ‘Programmatic access’ option before proceeding
  2. On the bottom of the page, click on ‘Next: Permissions’
  3. Of the 3 available options, choose ‘Attach existing policies directly’
  4. In the search bar, type ‘EC2’ and select ‘Amazon EC2 FullAccess’
  5. Proceed to ‘Next: Tags’
  6. You can skip this one if you’d like and just click on ‘Next: Review’
  7. Make sure that everything checks out before clicking on ‘Create User’
  8. Done! Your user is created!

Congrats! You have successfully generated an EC2 AWS Access Key and Secret Key.


This is a very important part of the security process. Since Blox is non-custodial, we won’t be able to help you reproduce these keys in case you lose them. So please make sure to store the information in a safe location.

Why Does Blox Need An Access Point to My Server?

Blox is completely non-custodial, and will remain that way. For that reason, the importance of having your own server takes on a new meaning. A key component of the Blox platform, a personal instance of KeyVault remote signer, is housed on your cloud server of choice and protects your validator key therein. This ensures that we do not have access to your validator key.

Keyvault is a Hashicorp Vault with a proprietary plug-in that supports Eth2 signing functionalities and includes built-in slashing protection. As part of set-up with Blox, Blox assists with the installation of KeyVault by providing a Wizard with instructions through the Blox Live Desktop App. During installation, Blox Live is given permissions to perform maintenance tasks for Keyvault, strictly upon opt-in with your password.

Your Eth2 validator key is stored safely in your Keyvault remote signer, and is used when incoming requests from the blockchain are sent from Blox Infra. Every time you’re called upon to complete a duty, Blox Infra will send the request to your server for signing using http requests and an access token mechanism. KeyVault will analyze the request and sign if appropriate, then send it back to complete the block. Therefore, your server will only communicate with our infrastructure when it’s your turn to attest or propose; in a limited, encrypted capacity.

What is my 24-Word Seed?

Your 24-word seed is a complete backup of your assets, in this case, all of your Staked ETH. 


It’s absolutely CRUCIAL to store your 24-word seed securely, offline. NEVER enter that combination into any device connected to the internet. And yes, that includes your smartphone and computer.



  • Never take a picture of your recovery seed 
  • Never type the recovery seed into a computer or phone 
  • Never save it in cloud storage and never upload the seed on the internet. 
  • Make sure to copy down the recovery seed correctly

What is My Blox Password?

Your password is an additional security layer generated in Blox Live that is used on top of your 24-word ‘seed’ passphrase.  Also known as the 25th word. 


Similar to any of your other passwords (just a little more sensitive), you can pick any set of letters, numbers and characters as your password. The password allows you to perform management tasks and access your secure data in Blox Live.


What is a Validator Key?

Your validator key, much like your ‘normal’ Eth1 key, uses elliptic-curve cryptography. However, in Ethereum 2.0, your keys have additional functionalities, and require different parameters when being created, leveraging the Boneh-Lynn-Shacham (=BLS) signature processes.

Breakdown of Ethereum 2.0 Keys

In Ethereum 1.0, users have a single private key to access their funds. Ethereum 2.0 requires two different keypairs. Validator keys and withdrawal keys.


The Validator Key

The validator signing key consists of two elements:

  • Validator private key
  • Validator public key

The role of the validator private key is to actively sign on-chain (Eth2) duties, namely attestations and block proposals.

The validator public key is included in the deposit data which allows Eth2 to identify and associate between the validator and the ETH funds.


The Withdrawal Key

The withdrawal key is required to move (or withdraw) the validator balance.

Although being developed and already accounted for, this ability will only be made available in later phases of Eth2 (expected in Q1 of 2021).

Much like the validator key, the withdrawal key also consist of two components:

  • Withdrawal private key
  • Withdrawal public key

Losing this key means losing access to the validator, and the entirety of the ETH balance at stake. A validator is still able to propose and attest if a withdrawal key is lost; however the ETH at stake is not accessible for withdrawal or transfer without this key.

Ethereum 2.0 Staking Deposit Process

In short, there are four main steps when making a staking deposit, or in other words, fueling your validator so that it can start accumulating revenue. 


1. Mempool – Status: Unknown

The first step of the process takes place in the Mempool, which acts as a sort of waiting room for the transactions. During this step, the transaction status is pending, waiting approval. 

The speed and execution of the transaction depends on the chosen gas fee. Miners ‘pick’ the transactions with the highest gas fees, since they will receive higher returns. If the network is highly congested (many pending transactions), cost of transactions (gas fees) goes up. In this case, there is a higher chance that new transactions will ‘outbid’ older transactions, causing significantly longer wait times. 


2. Deposit Contract – Status: Deposited

Once step one is complete, and the transaction is ‘picked’ by a miner, the transaction will reach the deposit contract. In this step, the deposit contract checks the transaction for its input data and value. This process takes an average of 7.5 hours.

If the threshold of ETH is not met or the transaction has no/invalid input data, the transaction will be rejected and the funds returned to the sender’s address.


Why does this take 7.5 hours?


In order to avoid mistakes or incorrect deposits, the network can only review transactions that have been in the deposit contract for 1024 Ethereum 1.0 blocks. This ensures that transactions do not end up in a reorged block. 

In addition to the 1024 Ethereum 1.0 blocks, 32 Ethereum 2.0 Epochs must also pass before the beacon chain recognizes the deposit. During these 32 Epochs, randomly selected validators vote on newly received deposits, to approve their validity.


So why exactly 7.5 hours?


1024 blocks = 1024 x ~13 seconds = 13,312 seconds = ~4 hours

32 Epochs = 32 x 6.4 minutes =  204.8 minutes = ~3.5 hours

Once this step is complete, the validator status will change to Deposited on the Beacon Chain explorer.


3. Validator Queue – Status: Pending

Once step two is complete, the ETH deposit is officially accessible from the beacon chain. Much like the previous steps, the Validator Queue phase also requires waiting. Depending on how many deposits were made to the network in total, a queue is formed. Each Epoch, only four validators are activated, which comes to about 900 validators a day.


There is an exception to the rule.


The first 16,384 Validators are called the genesis validators since they participate in the Genesis Block . These validators are not placed in a queue, but rather start staking from Slot 0. In this case, a validator would only wait to reach the minimum number of validators required to ‘activate’ the network.


4. Staking – Status: Active

The final stage of the Validator deposit process. In this phase, the validator is actively staking, signing attestations, proposing blocks, and more importantly, earning rewards in the form of ETH for its activity. 

What is the difference between the Testnet and the Mainnet?

As a new Staker, you are faced with an option to stake on the ‘Testnet’ or the ‘Mainnet’ (coming soon). Although the name ‘test’ indicates its functionality, it’s still important to clarify what it really means. 


Public Testnet(s)

Public Ethereum blockchains that are designed for community testing before Eth2 goes live. Sandbox environments where developers and early stakers run valueless ETH (called GoETH) that mimics the mainnet environment as closely as possible.

Examples: Medalla, Spadina, Zinken


Local Testnet(s)

Private, local blockchains running on an individuals personal machine or on a small scale. 



The live, public Eth2 blockchain where actual transactions occur, with real live ETH. The mainnet is set to be released in late 2020.

How to Complete your GöETH Deposit in Blox Beta for The Medalla Testnet

This guide instructs you how to complete the validator setup process with Blox Beta, by depositing the required 32GöETH to the Medalla Testnet.

Keep in mind that GöETH isn’t ‘real’ currency, it’s valueless and is only meant to mimic the real deal for testing purposes.

When you reach the final step of the Blox Beta Wizard, right after you ‘Generate your Keys’, you’ll find yourself at this screen:

At this point you will need to deposit GöETH using your crypto wallet.  We’ve provided instructions for our preferred wallets, MyEtherWallet and MetaMask.


Important: Make sure to leave the Blox Beta Wizard open while you complete this process.

How To Make the GöETH Deposit with MyEtherWallet


Step 1: Access Your MEW Account 

On your MEW App or your Hardware Wallet, navigate to your Dashboard.


Step 2: Choose Your Network

On the right side of the Dashboard, select ‘Network’. Then, select the ‘GOERLI’ Network.

Step 3: Make Sure You Have Enough GöETH

Once you select the GOERLI Network, you’ll need to get at least 32 GöETH. We recommend having a little more to cover the gas costs.

To get your GöETH, return to the Blox Beta Desktop App and click on the ‘Need GöETH’ button. If you require any assistance at this stage, reach out on our Discord channel.


Step 4: Deposit the GöETH into the Smart Contract

In your Blox Beta Desktop App, copy the Address and the Tx data:

In your MEW Dashboard, click ‘Send’


In your MEW wallet, paste the Address in the ‘To Address’ box.


You’ll see a pop-up informing you that the address belongs to a Smart Contract, don’t be alarmed, that means that it’s the right recipient.


In your MEW Wallet,  enable the ‘Data & Gas Limit’ section. 


Once the ‘Advanced’ section has expanded, paste the Tx Data into the ‘Add Data’ box.

That’s it! Now you can go back to your Blox Beta Dashboard to monitor the approval process.

How To Make the GöETH Deposit with MetaMask


Step 1: Open your MetaMask Wallet

You can make the deposit from your mobile device or your web extension, the process is almost identical.


Step 2: Select the ‘Goerli Test Network’ 

In your toolbar, on the upper right corner of your screen, you’ll find a drop down list containing all of the available networks that MetaMask supports. 

Select the ‘Goerli Test Network’.

Step 3: Show Hex Data

Make sure that the ‘Show Hex Data’ is enabled in your MetaMask account.


Go to your MetaMask Settings, click on ‘Advanced’.

Scroll down until you find the ‘Show Hex Data’ button, make sure it’s enabled.

Step 4: Add your ‘Recipient’ 

In Blox Beta, copy the Address and the Tx data.

In your MetaMask Dashboard, click ‘Send’. 


Paste the Smart Contract Address you copied from Blox in the ‘Add recipient’ box.

Step 5: Make the GöETH deposit

Add the following information in the fields that appear:

Asset: 32 ETH (GöETH)

Transaction Fee: Fast (since its not real ETH, might as well speed up the process) 

Hex Data: paste in the TX data that you copied from Blox

That’s it! Now you can go back to your Blox Beta Dashboard to monitor the approval process.

Optimizing AWS Server Storage Space

The first year of using AWS is free, thereafter, you will be charged according to the amount of storage space you have used. To make sure that you’re not carrying ‘dead weight’ in your AWS account, you need to check 3 categories: 

  • Instances 
  • Elastic IPs 
  • Security Groups


In total, you should have one Instance, one Elastic IP, and one Security Group for your validators, mainnet and testnet. 


Before entering your AWS account, make sure you have the following:


  • Your Mnemonic Passphrase/Seed.
  • The latest version of Blox Staking. [download page link]


  1. Access your Config files [link] 


  1. Find and open your .JSON file (not ‘-temp.JSON’ file) inside the config files.


The name of the file depends on the registration flow you originally chose.


For example: if you registered using ‘Google’, the name should look like blox-google-0auth2.json, if you used GitHub, blox-github-0auth2.json

3. Inside the .JSON file, search for your ‘PublicIP’ (ex: “publicIp”: “”)

Now that you have your publicIP, you can check your Instances, Elastic IPs & Security Groups for unneeded data that can be removed to save storage space.

Additionally, inside the .json file, you’ll also be able to see your Security Group ID, ElasticIP and InstanceID, just so you can double-check your AWS results.

Locate/Update AWS Instances

1. In your AWS account, to the right of the search bar, Select ‘N.California’ as your displayed Timezone

2. On the homepage, select ‘EC2’. If it does not appear on the homepage, search ‘EC2’ in the search bar.

3. Inside EC2, select Instances (running):

4. With your PublicIP,  filter in the search bar to identify the relevant / active Instance. Any additional Instances can be deleted.

5. Select the Instance(s) you’d like to remove. To delete, select ‘Terminate’.

6. Wait a few minutes to make sure that the instance(s) have been deleted.

Locate/Update Elastic IPs

1. On the homepage, select ‘EC2.’ If it does not appear on the homepage, search ‘EC2’ in the search bar.


2. Select Elastic IPs

3. Once inside, you’ll be able to find your Elastic IPs


4. Using theactive Instance ID  identified in the steps above, select the Elastic IP(s) that do not match and which can be removed. To delete, select ‘Disassociate Elastic IP address’’. 

Locate/Update Security Groups

1. On the homepage, select ‘EC2’. If it does not appear on the homepage, search ‘EC2’ in the search bar.

2. Select  ‘Security groups’

3. Once inside, you’ll be able to find your Security Groups


4. To delete a Security Group, select “Delete security group.’ 


*Only delete BLOX_INFRA group, DO NOT delete ‘default.’

Blox Recovery Tool

In the off chance that you encounter an issue that cannot be resolved, or you’re not able to receive a prompt response in Discord, have no fear, the Recovery Tool is here! 

*Keep in mind that the recovery tool can also be used in case you wish to access Blox from a different computer.

Before getting started, please keep an eye on a couple of things:

  •  that you have your Seed/Passphrase, you’ll need it to re-access your account!.
  • You are running the most up to date version of Blox [link download page]

Recovery Steps

  1. Go to your Config Files [link].
  1. Once inside, locate the folder called: ‘blox-live-desktop-app’
  1. Delete the ‘blox-live-desktop-app’ folder

*Before you delete everything, please make sure to extract both the error logs as well as the debug logs so we can investigate the issue, just to make sure it doesn’t happen to anyone again. 

  1. Open Blox Staking

Upon opening, you will be asked to insert your Passphrase/Seed in order to continue.

If the issue persists, please contact us through Discord or Email. We will get back to you ASAP!

Download & Run Blox Live

Onboarding Process:


Step 1 – KeyVault Set Up


  1. Select Your Cloud Provider (We only support AWS at the moment, more options coming soon)
  2. Connect AWS Keys to Blox Live Desktop App.



Don’t Have an AWS Account? Create one here.


  1. Generate Your Seed.
  2. + Create Your Blox Password (25th word).


Success! KeyVault is now installed on your own server.



Step 2 – Validator Set Up 


  1. Choose Testnet / Mainnet 
  2. Generate Your Validator Keys:
    1. Validator Keys (public and private)
    2. Withdrawal Keys (public and private)


Step 4 – Make the Staking Deposit


Not sure how? Check out our MEW & MetaMask Guides [Link


Step 3 – Wait for Network Confirmation (4-18 hours).

Once approved, you’ll have officially launched your validator!

How to Access Config Files On Mac & Windows

Blox is completely non-custodial and for that reason, we do not have access to your files or personal details.


To fix issues, check past errors or restart the application, we need access to Config Files.


How To Access Config Files on Mac

  1. Press & hold the ‘option’ key, in the top toolbar, select ‘Go’. 
  2. While keeping the ‘Option’ key pressed, click on ‘Library.’
  3.  In your ‘Library’ search for: ‘Application Support”  
  4. Access ‘blox-live-desktop-app’


And that’s it, you’re in the right place.

How To Access Config Files on Windows

  1. Go to ‘users’
  2. Click on ‘AppData’
  3. Once inside, click on ‘Roaming’ 
  4. Finally, go to ‘blox-live-app’


Alternatively, you can also use the shortcut route: