Our job is to keep wallets safe no matter what
Dfns combines the latest in cryptography with time-tested information security best practices to forge the most secure digital asset wallets in the blockchain industry.
0 hacks. Counting 0 days
Key management is hard.
Don’t DIY.
Dfns provides bank-grade security for wallets, incorporating robust countermeasures against a wide array of potential disaster scenarios and risk vectors. Dfns was born as a response to a fundamental design flaw in blockchains, which irreversibly penalizes people. Mistakes happen, and key loss will remain a constant challenge for people and businesses.
Dfns serves as an optimal safety layer, protecting against mistakes without creating new threats based on naive trust assumptions. Our mission is to simplify key management for blockchain wallets, enabling users and developers to interact with digital assets confidently.
The new gold standard for key management security
MPC pioneers the next era of secure wallet solutions by decentralizing private keys and introducing unparalleled recovery mechanisms.
No single point of failure
MPC resists single-point attacks, demanding multiple device compromises for key access, and ensures trust distribution to prevent single-party hijacking.
Attack tolerance
Threshold signatures ensure the system withstands multiple attacks without interrupting signature delivery, as long as the threshold party remains active.
Fault tolerance
MPC maintains signature delivery even with multiple participants temporarily or permanently unavailable within the threshold signing group.
Responsive recovery
MPC offers adaptable recovery options, including repairing specific key shares, refreshing multiple key shares, and rotating the key pair.
Business continuity
Repairing or refreshing key shares has no impact on the public key or address, ensuring frictionless fund transfers without any disruptions.
Preventive security
Native key recovery mechanisms can be automated systematically or triggered heuristically, reducing the attack window to a limited time interval.
Build on the most secure key management network
Expertly designed for maximum security, making key loss or theft nearly impossible.
Dfns relies on Network Hosted Keys (NHK), diverging from conventional User Hosted Keys (UHK). In the UHK model, private keys reside on user devices, while in the NHK model, they're stored in a network of hosts. NHK guarantees that the loss of passkeys to the API does not equate to the loss of private keys.
Managed (SaaS)
Use Dfns' key management service to benefit from fully managed key storage, maintaining remote wallet control via passkey authentication. All key material is securely stored in T3+/T4 data centers.
Hybrid (Cloud)
Achieve top-tier security and flexibility with co-controlled wallets. Keep some keys on-premises while selecting where Dfns-hosted keys are deployed across America, Europe, the Middle East, or Asia.
On-Premises
Expand your deployments with MPC keys and Dfns services in on-prem enclaves like Intel SGX, AWS Nitro, IBM OSO, Thales Luna HSM, and private clouds. Alternatively, bring your own keys in HSMs.
Pioneering cryptographic innovations for wallet security
The Dfns research team is a key contributor to standardization and frontier multi-party computation protocol development with the National Institute of Standards and Technology (NIST), the W3C WebAuthn working group, and the Linux Foundation Decentralized Trust, and is a founding board member of the MPC Alliance. Our award-winning scientific papers, open-source work, and standards contributions establish Dfns as a leading authority in MPC and TSS applied to digital asset security and key cryptography.
MPC is not enough. Security demands holistic thinking.
Programmable controls
Granular policies, authorizations, and quorum-based admin controls eliminate fund siphoning risks, even if the user's device is compromised.
Certified W3C WebAuthn
Passkey-based authentication enables users to create unique in-device credentials, preventing bypassing and impersonation with native 2FA.
Real-time detection
Code scanning and monitoring tools help us detect high-risk anomalies in human and system behaviors with swift threat response.
Secure SDLC controls
CI/CD pipelines and other code reviews based on 4- and 6-eye principles with quarterly audits and pentests from certified external experts.
Attested communications
Dfns encrypts all communications and verifies code integrity against malicious and insecure deployments with remotely attestable mTLS.
Tamper-proof enclaves
Native key recovery mechanisms can be automated or triggered heuristically, reducing the attack window to a limited time interval.
Strong SLAs and risk mitigation
Combining tier-one cloud services to tackle OWASP Top 10 vulnerabilities, defend against DDoS attacks, and reduce downtime risks to almost zero.
Bank-grade key recovery and DRP
Integrating break-the-glass export and industry-standard risk models into our DRP for continuous threat alerts following MITRE and NIST guidelines.
SOC 2 Type 1
SOC 2 Type 2
WebAuthn Working Group
DASP License
CCSS Level 3
ISO 27001
ISO 27017/18
ISO 37301
Turning key loss into a minor incident
Secure wallet design requires multi-factor recovery options to guarantee fund accessibility
Wallet recovery
Dfns offers two passkey recovery options: additional credentials or passcodes, meeting high-security standards with 2FA. Users can add extra verification steps, and enterprise-level clients can request custom passkey recovery.
Disaster recovery
Dfns' DRP focuses on safeguarding client keys, preventing misuse and unauthorized access, and ensuring their functionality. It consists of five tiers inspired by IANA, designed to protect client assets across different critical scenarios.
Striving for excellence in security and compliance
Blackbox Pentest Yogosha (2021)
MPC Signers Audit Kudelski (2022)
Blackbox Pentest Yogosha (2022)
Security Model Audit Distrust (2022)
Whitebox Pentest Redacted (2023)
CGGMP21 Library Audit Kudelski (2023)
Auth Pentest Halborn (2024)
Infrastructure Audit Kudelski (2024)
Compliance-ready wallet management for trusted organizations
AML/KYT integrations
Dfns offers real-time AML transaction monitoring with Chainalysis, Elliptic, and Travel Rule support tooling, seamlessly integrating into your risk, compliance, and financial tools.
Custodial status
A KMS offers technology whereas custodians provide financial services. Dfns focuses on wallet technology, not financial servicing. When evaluating your KMS, distinguish clearly between technical and regulatory terminology to avoid confusion.
No vendor lock-in
Eliminate vendor lock-in with secure key export/import capabilities, allowing you to effortlessly transfer your wallets and assets between different apps and vendors.
Full insurance coverage
Dfns collaborates with insurance companies such as Beazley and MunichRe to cover our clients against cyber risks, errors and omissions (E&O), and crime risks.