How to Eliminate Risks From a Malicious Custodian?
The malicious actions or security oversights of digital asset custodians directly threaten the safety of assets and can lead to devastating losses. Establishing a reliable risk prevention mechanism for custody has thus become critically important.
If the custodian acts maliciously, for example:
- They could exploit their control over client assets to transfer funds to accounts or wallets they control.
- They could create fake transactions on their platform to manipulate prices or trading volumes for profit.
- They could defraud users by falsely claiming financial difficulties or plans to exit the market, intentionally delaying or refusing client withdrawal requests.
- Internal employees of the custodian could collude with external criminals to bypass security measures and steal assets.
If the custodian is passively negligent, for example:
- The custodian fails to implement sufficient security measures to protect client assets, resulting in successful external attacks.
- There is negligence in private key management, such as storing private key backups in insecure locations, lacking strict private key distribution and usage procedures, and not adopting advanced private key protection technologies like MPC. This could lead to catastrophic consequences.
- The custodian’s technical architecture has fundamental flaws, such as high single-point failure risks, lack of effective disaster recovery mechanisms, and code that has not been strictly audited, all of which could lay the groundwork for security incidents.
- The custodian ignores regulatory compliance requirements and fails to establish a robust compliance framework.
- The custodian does not have a well-established risk control system in place, and is unable to identify and respond to risks in a timely manner.
As a self-custody service provider, Safeheron fundamentally eliminates the possibility of custodian malfeasance through innovative MPC and TEE technologies, a zero-trust multi-layered security architecture, strict security audits, highly recognized industry security certifications, and comprehensive insurance coverage.
Safeheron’s Solutions
Customers 100% Control Private Keys
Customers Hold All Private Key Shards: In Safeheron’s MPC (Multi-Party Computation) architecture, institutional users hold all private key shards and use threshold signature technology (t/n scheme). A transaction can only be executed when a preset threshold number of signatories agree. This design eliminates the possibility of malfeasance by the custodian or by third-party cloud service providers, ensuring absolute user control over assets.
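The t/n threshold property described above, as an added illustration (not Safeheron's code or protocol): Shamir sharing over a toy group, where each shard holder computes a partial result locally and any t partials combine to the value the full key would produce, without the key ever being reassembled. The group parameters and all function names are constructed for this sketch; a production threshold signature protocol is considerably more involved.

```python
import secrets

# Toy group, constructed for illustration and far too small for real use:
# P = 2*Q + 1 with P, Q prime; G generates the subgroup of order Q.
P, Q, G = 2039, 1019, 4

def split(secret, t, n):
    """Shamir-share `secret` mod Q so that any t of the n shards determine it."""
    coeffs = [secret % Q] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q
            for i in range(1, n + 1)}

def lagrange_at_zero(i, ids):
    """Lagrange coefficient of party i over the participating ids, at x = 0."""
    num = den = 1
    for j in ids:
        if j != i:
            num = num * (-j) % Q
            den = den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

def partial(shard, base):
    """Run locally by one shard holder; only base^shard leaves the device."""
    return pow(base, shard, P)

def combine(partials, t):
    """Combine {party_id: base^shard} into base^secret; refuses below threshold."""
    if len(partials) < t:
        raise ValueError("below threshold: not enough participants")
    ids = sorted(partials)[:t]
    out = 1
    for i in ids:
        out = out * pow(partials[i], lagrange_at_zero(i, ids), P) % P
    return out

if __name__ == "__main__":
    key = secrets.randbelow(Q)
    shards = split(key, t=2, n=3)
    result = combine({i: partial(shards[i], G) for i in (1, 3)}, t=2)
    print(result == pow(G, key, P))  # any 2 of 3 holders reach the same result
```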
Each private key shard is also protected by strong encryption technology, remaining encrypted during transmission and storage. Combined with Intel SGX-based Trusted Execution Environment (TEE), Safeheron ensures that even in complex and changing network environments, customers’ private key shards can be safely stored in a hardware-level secure isolation environment that is protected against sniffing and tampering, becoming a secure paradigm for digital asset management.
Self-Custody Model: Safeheron adopts a true self-custody model, where the platform and third-party cloud service providers cannot unilaterally obtain or use customers’ complete private keys. Unlike traditional custody services, Safeheron’s self-custody solution is built on the zero-trust security principle, combining blockchain technology with modern cryptography to form an immutable technical protection mechanism.
The system design follows the "principle of least privilege," ensuring that each participant can only access the minimum permissions required to complete specific tasks. Even in extreme cases, such as when the Safeheron platform suffers a cyber-attack or service interruption, users can still fully control their assets through open-source private key recovery tools. There will be no situation where funds are locked or unable to be retrieved, truly fulfilling the promise of "managing your own assets and ensuring security."
Open-Source, Transparent and Verified
Open-Source Core Code: Safeheron open-sources its core cryptography libraries and MPC protocol implementations, subjecting them to review by global developers and security experts to ensure there are no backdoors. Open-source transparency not only increases the system’s credibility but also allows users and experts to audit and verify the code.
The open-source code has been rigorously examined by multiple top-tier security audit firms and has gained widespread recognition from both academia and industry. By choosing the transparent approach of "code is law," Safeheron establishes a verifiable trust mechanism. Instead of blindly trusting service providers, customers can proactively verify the system’s security through technical means, fundamentally breaking down the trust barriers in traditional financial services.
Zero-Knowledge Proof Verification: Using zero-knowledge proof technology, Safeheron can prove that it has executed according to the protocol without revealing any private information. This technology ensures the security and privacy of transactions while allowing users to verify the system’s correctness. This mechanism automatically generates a verifiable TEE report during multi-party transaction signing. If the TEE report passes distributed verification by all parties, the transaction can proceed to the next layer of verification. The zero-trust architecture first maintains zero trust in the platform’s development, security, and operations. It ensures that the root of trust is always the code, the machine, the encryption chip, and the user themselves. Even internal system personnel cannot manipulate or monitor transaction content.
Multi-Layered Security Audits
Third-Party Security Audits: Safeheron regularly undergoes security audits by independent third-party firms and publicly discloses the audit results to maintain transparency. These audits ensure the platform’s security and reliability, giving users peace of mind. Auditors include Kudelski Security, Least Authority, SlowMist, Cure53, and others.
Security Certifications: Safeheron has obtained ISO 27001 and SOC2 Type I and Type II certifications, demonstrating that the platform meets strict standards in security control, availability, processing integrity, confidentiality, and privacy. These certifications are authoritative recognitions within the industry, further enhancing user trust in the platform.
Insurance Coverage
Digital Asset Insurance Scheme: Safeheron partners with Lockton to provide a professional digital asset insurance scheme for customer assets. This insurance scheme further reduces the risk of asset loss in extreme situations, offering users additional security.
Enhanced Custody Risk Management
Fine-Grained Permission Control: Safeheron designs a role-based access control system with fine-grained permissions, ensuring that each role can only access the minimum permissions required. This principle of least privilege minimizes the risk of security breaches due to permission abuse.
Anomaly Detection and Behavior Analysis: Safeheron deploys an anomaly detection system that can identify unusual wallet operation patterns and trigger alerts in real-time. All operations are recorded in tamper-proof audit logs, and a real-time monitoring mechanism is in place to immediately alert in case of anomalies. This real-time monitoring and behavior analysis mechanism ensures that any suspicious activity is detected and handled promptly.
Best Practices for Preventing Custodian Risks
Regular Security Policy Updates: As technology evolves and security threats change, regularly updating security policies and software is crucial for ensuring the safety of digital assets. This includes promptly installing system patches, updating security software, and optimizing security configurations to counter new threats.
Enhanced Employee Training and Security Awareness: Employees are the first line of defense for digital asset security. Regular training and security awareness programs ensure that employees understand the latest threats and preventive measures. This not only helps prevent internal operational errors that could lead to risky fund inflows but also increases employee vigilance against suspicious activities.
Utilizing Blockchain Technology for Enhanced Transparency: The distributed ledger characteristics of blockchain technology can enhance the transparency and traceability of transactions. By leveraging blockchain technology, exchanges can better track the flow of funds, detect and intercept risky funds in a timely manner. Additionally, blockchain technology provides immutable transaction records, offering strong support for compliance reviews.
Collaborating with Professional Security Firms: Partnering with professional security firms can provide comprehensive security solutions and technical support. These firms can offer regular security audits, penetration testing, and risk assessment services to help exchanges identify and fix potential security vulnerabilities in a timely manner.
Conclusion
Modern digital asset management solutions typically employ a variety of technical means to reduce custody risks. For example, Safeheron uses a self-custody architecture, open-source transparency, multi-layered security audits, insurance mechanisms, and risk management frameworks to ensure that the solutions provided by the platform are highly secure and to establish its credibility.
Platforms like Safeheron, which focus on security, have built relatively reliable digital asset storage and management systems through these mechanisms, providing institutional and individual users with technical support for asset management in compliance with regulations. By evaluating the technical architecture, security practices, and compliance levels of different solutions, users can choose the appropriate digital asset management tools according to their own needs, ensuring security while achieving efficient operations.
