Trust center

Designed so no single failure moves money.

Threshold signing is the foundation, not the whole story. The signer independently validates every transaction it is asked to sign, defeating the attacks that bypass an application layer entirely.

Talk to sales Read the docs

2-of-3 MPCSigner-side validationHardware keysFull audit trail

Security

Designed so no single failure moves money.

Threshold signing is the foundation. The signer independently validates every transaction it signs, defeating attacks that bypass an application layer.

AttackWhy it fails

Compromise of one signerCan't sign alone; a threshold is required
Stolen API keyStill can't sign; the signer validates the transaction
Chain-ID substitutionValidated against an allowlist
Destination swap after signingDestination, value & data are validated

Controls

Hardened end to end.

Beyond key management, every layer assumes compromise is possible and limits the blast radius when it happens.

Authentication: Hashed keys, short-lived sessions
MFA: Time-based codes + hardware keys
Access: Granular, least-privilege roles
Audit: Every action logged with actor, IP, time

Access control

Least privilege, by role.

Access is granular and role-based. Operator access is logged end to end, and sensitive actions are recorded with actor, IP, and timestamp, exportable whenever an auditor asks.

OwnerAdminSignerProposerDeveloperFinanceSupportAuditorViewer

Put it in front of your security team.

We're happy to walk through the architecture, controls, and audit posture in detail.

Talk to sales Read the docs