Custody is split so no single region, cloud, or operator, including us, can ever move funds alone. Everything else, encryption, access, monitoring, recovery, is built around that guarantee.
Every signing key is split into three shards held in three regions on three clouds. Any two can authorize; no one can act alone.
Sealed in a FIPS 140-2 L3 HSM. Participates in signing, never reconstructs the full key.
A different cloud and jurisdiction, so no provider or region is a single dependency.
The third independent shard. Two-of-three signs; a lost region never loses the funds.
The guarantees that surround custody, from the network edge to the audit log.
TLS 1.3 in transit, AES-256 at rest, with keys managed in dedicated HSMs.
SSO, hardware keys, and just-in-time, fully logged access to production.
24/7 detection on policy, behavior, and on-chain activity, with on-call response.
Pre-registered guardians and time-locks. Procedures rehearsed quarterly.
Every address and transfer screened against sanctions and risk lists.
Every action stamps a tamper-evident, exportable ledger entry.
Found something? We run a coordinated disclosure program and reward valid reports. Encrypt sensitive details with our PGP key and we will acknowledge within one business day.