Blockchain Security

We pride ourselves in our cryptographic and blockchain expertise, having numerous PhDs on staff to work on your engagement when necessary. Example works we have reviewed include Threshold Crypto; Quantum Safe Crypto, Secure Multi-Party Computation (SMPC), Elliptical Curve Digital Signature Algorithm (ECDSA), Zero Knowledge Proof (ZKP), Custom Algorithms, Homomorphic Encryption, Functional Encryption, Pairing Based Cryptography, and Commitment Schemes. Many blockchain systems perform financial operations, and through our deep experience with Swiss banking clients we have expertise in the intricies of DeFi, traditional, and decentralized financial models. If we don’t have the expertise in-house, we also have a network of trusted partners that we leverage to ensure complete coverage of your project. Contact us to discuss your particular area of need.

The type of test you need depends on your type of product and your threat model, but you should always test your product “in use, in a dynamic way”. Generally, we recommend the following types of tests:

• If you have a hardware device, such as a crypto wallet or HSM, then we recommend a device assessment targeting the implemented security controls to ensure your product safeguards your users and their data from harm. This would typically include a device penetration test and a low-level hardware review of your security components and the full stack of software
• If you have a software product, then we offer the following dynamic testing services (beyond our static assessments): API/web service, third-party API, mobile, web, or standalone software application, networks, databases. Consensus/DeFi validation
• If you want to test your process, then we can help you test the safety and effectiveness of services such as Know Your Customer (KYC) onboarding, blockchain node/valiator hosting, travel rule, business logic

We can customize our approach to meet your need, but the typical engagements we perform are as follows:

• Source code audits, including: blockchain protocols, wallet & DApp audits, crypto exchange application, smart contract audits, manual or automated source code assessment, Rust language audits
• Specification reviews, including: whitepaper reviews, logic proofs, decentralized finance (DeFi), gateway logic review
• Process reviews, including: standard security produre, local compliance policies, NYDFS, KYC, travel rule, and business logic
• Security assessments for your environment such as cloud and database assessments

We can create a simplified version of your hardware or software product to allow you to test its value in the marketplace (i.e. minimum viable product). We can help you develop the various use case design and implementation too.

Additionally, we can fully develop custom applications using a human-centric approach to solve complex business challenges requiring high security.

Lastly, we can provide long-form documentation that applies an outside-in perspective and help you to achieve growth (i.e. whitepaper creation).

We can work with you to determine the best way to leverage blockchain technology to safely unlock value by disrupting existing business models (e.g. DeFi; NFT). Our labs and workshops will help you determine your blockchain vision and strategy, value proposition, and effective channel to use to help meet your business objectives.

Our digital asset custody advisory service can help with technology vendor selection. But we can also help you to perform, threat modeling, risk profiles, POC planning, Audit/Governance Training. (RFI/RFP Support), and 3rd party risk analysis/assessment.

Since audit and assessments vary based on complexity, the costs, timeline, and availablity to start will be based on your specific needs. If you’re interested in pricing/timeline, contact us and we’ll meet with you to provide a proposal. For any project, we recommend selecting and prebooking implementation testing services early in the process to ensure resources will be available when you’re ready and without a possibly costly delay to your launch.