Move your blockchain project securely and successfully into production or onto mainnet. We’ll help you assess, design, customize, deploy and manage blockchain and digital ledger technology systems so you can confidently leverage security as a powerful differentiator in this dynamic market.
Reduce Risk and Instill Confidence in your Blockchain/DLT Programs
Blockchain has a reputation for being a secure technology. In reality, it can only facilitate secure, trusting relationships if the protocols, architecture, and its integration are robust and safe. Any design, mathematical, or development mistakes translate directly into vulnerabilities in your final product. To mitigate this risk, we help you to identify and address any potential weaknesses as well as work with you to build products from the ground up, in a secure-by-design approach.
Our Blockchain Security Portfolio
For heightened protection of your existing crypto exchange or platform, our suite of services promotes maximum security. Services include Digital Asset Custody Integration, Incident Response, Cloud Monitoring, Product Security and more.
Audits and Assessments
To protect your crypto exchanges and digital assets, our cryptographic audits, security assessments and penetration testing services evaluate your systems and code, identify any weaknesses, and offer comprehensive security recommendations.
If used appropriately, blockchain can create significant business opportunities. Based on in-depth analysis of your industry and priorities, we provide custom recommendations to drive your business forward – from initial strategy to implementation and on-going, secure management.
Do your new products require highly secure applications that go beyond Java, Rust, web or mobile app languages? We develop and test out blockchain-based MVPs in market, design use cases and implementation plans. We also develop apps and create whitepapers to stimulate client interest.
security audits and assessments
billion digital currency secured
audited lines of code
years combined cryptography experience on staff
What Our Clients are Saying
“Engaging with Kudelski Security in the assessment provides additional assurance that our systems are safeguarded from multiple threats. It shows users and investors that our commitment to cybersecurity in the crypto space is absolute.”
The KS team play an important role in auditing every aspect of our smart code wallet code. With their defense-in-depth approach to security and rapid work, they provided us the adequate defenses to launch our solution confidently.
Cybersecurity specialists at Kudelski Security carried out an audit of IOHK’s Icarus code base. The resulting written reports were thorough and intelligible. They enabled our engineers to address the issues identified in an efficient way.
Recent Audits and Assessments
Binance wanted a security and cryptography assessment of their open source library, available on GitHub, that implements a threshold ECDSA signature scheme (TSS).
A payments and cryptocurrency platform needed an external security assessment to prove its commitment to security, privacy and compliance which satisfies Cryptocurrency Security Standard Level 3, ISO 27001:2013 and PCI:DSS 3.2.1, Level 1.
Solana wanted to audit every detail of the Solana software architecture across its eight core innovations (e.g. TowerBFT), and Kudelski thoroughly inspected and dissected every element of the Solana infrastructure.
IOHK solicited Kudelski Security to perform a security audit of Mantis, an Ethereum Classic wallet integrated in Daedalus.
Monero hired Kudelski to perform a cryptography and safety assessment of their privacy-affirming bulletproof implementation.
Zcash hired Kudelski to perform a security assessment of the Sapling upgrade prior to activation. The assessment focused on the pairing and bellman libraries with a focus on cryptographic correctness, and so findings were considered for those libraries independently of the wider product.
Frequently Asked Questions
- Do you have expertise relevant to our project?
We pride ourselves on our cryptographic and blockchain expertise, having numerous PhDs on staff to work on your engagement when necessary. Example works we have reviewed include Threshold Crypto, Quantum Safe Crypto, Secure Multi-Party Computation (SMPC), Elliptic Curve Digital Signature Algorithm (ECDSA), Zero Knowledge Proof (ZKP), Custom Algorithms, Homomorphic Encryption, Functional Encryption, Pairing Based Cryptography, and Commitment Schemes. Many blockchain systems perform financial operations, and through our deep experience with Swiss banking clients we have expertise in the intricacies of DeFi, traditional, and decentralized financial models. If we don’t have the expertise in-house, we also have a network of trusted partners that we leverage to ensure complete coverage of your project. Contact us to discuss your particular area of need.
- What types of dynamic testing do I need to do?
The type of test you need depends on your type of product and your threat model, but you should always test your product “in use, in a dynamic way”. Generally, we recommend the following types of tests:
- If you have a hardware device, such as a crypto wallet or HSM, then we recommend a device assessment targeting the implemented security controls to ensure your product safeguards your users and their data from harm. This would typically include a device penetration test and a low-level hardware review of your security components and the full stack of software.
- If you have a software product, then we offer the following dynamic testing services (beyond our static assessments): API/web service, third-party API, mobile, web, or standalone software application, networks, databases, and consensus/DeFi validation.
- If you want to test your process, then we can help you test the safety and effectiveness of services such as Know Your Customer (KYC) onboarding, blockchain node/validator hosting, travel rule, and business logic.
- What types of static assessments can you do?
We can customize our approach to meet your need, but the typical engagements we perform are as follows:
- Source code audits, including: blockchain protocols, wallet & DApp audits, crypto exchange application, smart contract audits, manual or automated source code assessment, Rust language audits
- Specification reviews, including: whitepaper reviews, logic proofs, decentralized finance (DeFi), gateway logic review
- Process reviews, including: standard security procedure, local compliance policies, NYDFS, KYC, travel rule, and business logic
- Security assessments for your environment such as cloud and database assessments
- How can you help me with my platform development?
We can create a simplified version of your hardware or software product to allow you to test its value in the marketplace (i.e. minimum viable product). We can also help you develop the various use case designs and implementations.
Additionally, we can fully develop custom applications using a human-centric approach to solve complex business challenges requiring high security.
Lastly, we can provide long-form documentation that applies an outside-in perspective and help you to achieve growth (i.e. whitepaper creation).
- How do I incorporate blockchain into my existing business?
We can work with you to determine the best way to leverage blockchain technology to safely unlock value by disrupting existing business models (e.g. DeFi; NFT). Our labs and workshops will help you determine your blockchain vision and strategy, value proposition, and effective channel to use to help meet your business objectives.
- What blockchain or custody vendor should I use?
Our digital asset custody advisory service can help with technology vendor selection. We can also help you perform threat modeling, risk profiles, POC planning, audit/governance training (RFI/RFP support), and third-party risk analysis/assessment.
- How much do your audits/assessments cost, how long does it take, and how soon can you start?
Since audits and assessments vary based on complexity, the costs, timeline, and availability to start will be based on your specific needs. If you’re interested in pricing/timeline, contact us and we’ll meet with you to provide a proposal. For any project, we recommend selecting and prebooking implementation testing services early in the process to ensure resources will be available when you’re ready and without a possibly costly delay to your launch.
Breakpoint 2021: Secure the Bag: Keeping Smart Contracts Safe
Kudelski Security's Scott Carlson joins industry experts to discuss security and code audits, some of the most critical aspects of blockchain engineering.
Blockchain Security Center
Blockchain and Distributed Ledger Technology (DLT) have the potential to revolutionize business by facilitating secure, trustless relationships between organizations, applications, and individuals.
Enabling Trust in Modern Supply Chains
Supply chains have been transformed by technology. Organizations have replaced manual recording and legacy digital systems with the Internet, automation, and high-tech hardware and software solutions.
CurveBall: Microsoft Windows CryptoAPI Spoofing Vulnerability Webcast
Today, we’ll be talking about CurveBall, a Microsoft Windows cryptographic API vulnerability. We’ll give you a brief overview of CurveBall, as the vulnerability is called, talk a little bit about the potential impact and what you can do to remediate and detect.
Kudelski Security and Crypto.com
When the blockchain security center was conceived in 2018, it had a few goals in mind to help companies, projects, and inventors around the world use blockchain and advanced cryptography safely.
Our Partner Ecosystem
Decentralized Partner Innovation (DEPI)
To meet the growing needs of our blockchain business, we developed a model that uses an expanded team of decentralized partners.
DEPI is open to enterprises or individuals with parallel skillsets or highly specialized expertise, which can complement our own in-house capabilities.
You May Also Be Interested In
Continuous risk reduction that elevates your security posture
Featuring tech research on cutting-edge topics and the latest cybersecurity insight, perspectives, practical advice and fundamental research published by Kudelski Security thought leaders.
Penetration Testing and Offensive Security Services
As cyber-attacks become more frequent, targeted and sophisticated, a proactive, periodic approach to validating security controls and identifying vulnerabilities can reduce the likelihood and severity of an attacker successfully gaining entry into your network.
Cloud Security Services
With cloud technology’s ability to propel the business forward, security leaders must put cloud governance at the forefront, creating strategies and policies that ensure secure and streamlined cloud environments.
Our Technology Assessment service reviews your cybersecurity infrastructure to identify opportunities for improvement and help you make more informed strategic business decisions. Find out more about our cybersecurity technology audits and assessments.