Security
Beyond cryptography, custody depends on disciplined operations: how access is granted, how withdrawals are authorised, how activity is monitored, and how the service recovers from disruption.
Role-based access, separation of duties and least-privilege controls govern who can configure accounts and approve operations.
Withdrawals require multi-party (m-of-n) approval and pass a programmable policy engine — limits, allow-lists and checks — before signing.
24/7 monitoring with anomaly detection and complete, tamper-evident audit logging across operations.
Secure key-share backup, tested recovery procedures and business-continuity planning reduce the impact of disruption.
Assurance
Equentor’s custody runs on an institutional custody-technology platform that maintains independent security certifications (SOC 2 Type II, ISO 27001) for its infrastructure. Equentor layers its own governance, approval and monitoring controls on top.
Responsible disclosure
If you believe you have found a security issue, we want to hear from you.
FAQ
Keys are managed with MPC — split into shares across separated, hardware-isolated environments and never reconstructed in full.
Withdrawals require multi-party approval and must satisfy the policy engine (limits, allow-lists and checks) before signing.
Yes. Operations are continuously monitored and recorded in tamper-evident audit logs.
Tell us about your business and your custody needs.