Our job is to keep wallets safe no matter what

Dfns combines the latest in cryptography with time-tested information security best practices to forge the most secure digital asset wallets of the blockchain industry.

>$3B
transactions secured
300+
internal controls
10+
audits and pentests
6
patents

0 hacks. Counting 0 days

It only takes one breach, one mistake

Key management is hard.
Don’t DIY.

Dfns provides bank-grade security for wallets, incorporating robust countermeasures against a wide array of potential disaster scenarios and risk vectors. Dfns was born as a response to a fundamental design flaw in blockchains, which irreversibly penalizes people. Mistakes happen, and key loss will remain a constant challenge for people and businesses.
Dfns serves as a optimal safety layer, protecting against mistakes without creating new threats based on naive trust assumptions. Our mission is to simplify key management for blockchain wallets, enabling users and developers to interact with digital assets confidently.

Multiparty computation is a revolution

The new golden standard for key management security

MPC pioneers the next era of secure wallet solutions by decentralizing private keys and introducing unparalleled recovery mechanisms.

No single point of failure

MPC resists single-point attacks, demanding multiple device compromises for key access, and ensures trust distribution to prevent single-party hijacking.

Attack tolerance

Threshold signatures ensure the system withstands multiple attacks without interrupting signature delivery, as long as the threshold party remains active.

Fault tolerance

MPC maintains signature delivery even with multiple participants temporarily or permanently unavailable within the threshold signing group.

Responsive recovery

MPC offers adaptable recovery options, including repairing specific key shares, refreshing multiple key shares, and rotating the key pair.

Business continuity

Repairing or refreshing key shares has no impact on the public key or address, ensuring frictionless fund transfers without any disruptions.

Preventive security

Native key recovery mechanisms can be automated systematically or triggered heuristically, reducing the attack window to a limited time interval.

Innovative dual security model

Build on the most secure
key management network

Expertly designed for maximum security,
making key loss or theft nearly impossible.

Dfns relies on Network Hosted Keys (NHK), diverging from conventional User Hosted Keys (UHK). In the UHK model, private keys reside on user devices, while in the NHK model, they're stored in a network of hosts. NHK guarantees that the loss of passkeys to the API does not equate to the loss of private keys.

Managed (SaaS)

Use Dfns' key management service to benefit from a fully managed key storage, maintaining remote wallet control via passkey authentication. All key material is securely stored in T3+/T4 data centers.

Hybrid (Cloud)

Achieve top-tier security and flexibility with co-controlled wallets. Keep some keys on-premises while selecting where Dfns-hosted keys are deployed across  America, Europe, Middle East, or Asia.

On-Premises

Expand your deployments with MPC keys and Dfns services in on-prem enclaves like Intel SGX, AWS Nitro, IBM OSO, Thales Luna HSM, and private clouds. Alternatively, bring your own keys in HSMs.

Pioneering cryptographic innovations for wallet security

The Dfns research team is a key contributor leading on standardization and frontier multi-party computation protocol development with the National Institute of Standards and Technology (NIST), the W3C WebAuthn working group, the Linux Foundation Decentralized Trust and a founding board member of the MPC Alliance.
Our awarded scientific papers, open-source work, and standards contributions establish Dfns as a leading authority in MPC and TSS applied to digital asset security and key cryptography.

Discover Dfns Labs
Elevating wallet security with gravitas

MPC is not enough. Security demands holistic thinking.

Programmable controls

Granular policies, authorizations and quorum-based admin controls eliminate fund siphoning risks, even in the case the user's device is compromised.

Certified W3C WebAuthn

Passkey-based authentication enables users to create unique in-device credentials, preventing bypassing and impersonation with native 2FA.

Real-time detection

Code scanning and monitoring tools help us detect high-risk anomalies in human and system behaviors with swift threat response.

Secure SDLC controls

CI/CD pipelines and other code reviews based on 4- and 6-eye principles with quarterly audits and pentests from certified external experts.

Attested communications

Dfns encrypts all communications and verifies code integrity against malicious and insecure deployments with remotely attestable mTLS.

Tamper-proof enclaves

Native key recovery mechanisms can be automated or triggered heuristically, reducing the attack window to a limited time interval.

Strong SLAs and risk mitigation

Combining tier one cloud services to tackle OWASP Top 10 vulnerabilities, defend against DDoS attacks, and reduce downtime risks to almost zero.

Bank-grade key recovery and DRP

Integrating break-the-glass export and industry-standard risk models into our DRP for  continuous threat alerts following MITRE and NIST guidelines.

SOC 2 Type 1

Completed

SOC 2 Type 2

Completed

WebAuthn Working Group

Completed

DASP License

Completed

CCSS Level 3

Ongoing

ISO 27001

Ongoing

ISO 27017/18

Ongoing

ISO 37301

Ongoing
Guaranteed full recovery no matter what

Turning key loss into a minor incident

Secure wallet design requires multi-factor recovery options to guarantee fund accessibility

Wallet recovery

Dfns offers two passkey recovery options: additional credentials or passcodes, meeting high-security standards with 2FA. Users can add extra verification steps, and enterprise-level clients can request custom passkey recovery.

Disaster recovery

Dfns' DRP focuses on safeguarding client keys, preventing misuse and unauthorized access, and ensuring their functionality. It consists of five tiers inspired by IANA, designed to protect client assets per different critical scenarios.

Continuously audited and pentested

Striving for excellence in security and compliance

Blackbox Pentest
Yogosha (2021)

Completed

MPC Signers Audit Kudelski (2022)

Completed

Blackbox Pentest
Yogosha (2022)

Completed

Security Model Audit Distrust (2022)

Completed

Whitebox Pentest Redacted (2023)

Completed

CGGMP21 Library Audit Kudelski (2023)

Completed

Auth Pentest Halborn (2024)

Completed

Infrastructure Audit Kudelski (2024)

Ongoing
Built for checklists and audit logs

Compliance-ready wallet management for trusted organizations

AML/KYT integrations

Dfns offers real-time AML transaction monitoring with Chainalysis, Elliptic, and Travel Rule support tooling, seamlessly integrating into your risk, compliance, and financial tools.

Custodial status

A KMS offers technology whereas custodians provide financial services. Dfns focuses on wallet technology, not financial servicing. When evaluating your KMS, distinguish clearly between technical and regulatory terminology to avoid confusion.

No vendor lock-in

Eliminate vendor lock-in with secure key export/import capabilities, allowing you to effortlessly transfer your wallets and assets between different apps and vendors.

Full insurance coverage

Dfns collaborates with insurance companies such as Beazley and MunichRe to cover our clients from cyber risks, errors and omission (E&O) as well as crime risks.

Elite team made of stellar talent only

Dfns united the finest minds to solve the key issues of blockchains

Google
Société Générale
Thought Machine
Microsoft
KKR
Memo Bank
Zengo
IBM
Unbound
Crédit Agricole
Stellar
Standard Chartered
PayPal
Galaxy
NYDIG
Goldman Sachs
HP
Bank of America
Gemini
Curv