Fortanix Custodial Warm Wallet

Protect your warm wallet with Second factor authentication system (2FA) plugin executed within a secure enclave

fortanix custodial warm wallet
Custodial Warm Wallet Overview


Today, end users of crypto-currencies have two options; they can either manage crypto-currency keys by themselves or trust a custodial wallet service provider to do so. Self-management is very inconvenient for novice users. While custodial wallets are easy to use, crypto-currency businesses are often compromised, and that too by insiders. While crypto currency keys can be managed inside Hardware Security Modules (HSMs), which are highly secure, the application that interacts with the HSM (Hardware Security Module) using an API key is often in an environment which is much less secure. If this application misbehaves or is compromised and the API key stolen, a wallet provider could see heavy losses.

As the world leader in the deployment of Trusted Execution Environments, Fortanix enables B2C businesses to secure crypto-currency wallets while bundling additional functionality with them which makes them more secure and custodial.

Key Features


Deploy the 2FA system inside FIPS 140-2 Level 3 compliant platform

Fortanix Data Security Manager (DSM) SaaS is a FIPS 140-2 Level 3 compliant platform for secure key management. It offers a unique security architecture where custom plugins can be developed and deployed to run inside the hardware protected secure environment.

Secure with Quorum approval workflows

Secure with Quorum approval workflows

The plugin can be protected with a quorum policy that involves multiple admin users. Once deployed, the plugin code cannot be modified without explicit permissions from multiple administrators.

Readily consumable, secure warm wallet with Time-based One Time Passwords (TOPT)

Readily consumable, secure warm wallet with Time-based One Time Passwords (TOPT)

Fortanix provides a Warm Wallet + Secure TOTP plugin that can be readily deployed inside DSM SaaS. The approach best solves Secret Zero Problem for custodial wallets. Transactions can only be signed with the user’s involvement and the platform restricts transaction signing when custodial wallet’s backend system is compromised.

Cloud-scale pervasive data security platform

Cloud-scale pervasive data security platform

The Fortanix solution delivers a cloud-scale pervasive data security platform that provides cryptographic services, secrets management, and tokenization across cloud and on-premises environments from a single centralized point of management, control, and audit.

How it helps?

  • Unmatched security and privacy

    By using Confidential Computing to move the 2FA process to a highly secure trusted execution environment (TEE), Fortanix significantly improves the security of the wallet system. All crypto material is managed out of Intel SGX enclave with advanced privacy capabilities like quorum approval, FIPS 140-2 level 3 HSM, side-channel resistant, and ability to customize crypto algorithms via plug-in.

  • Reduce trust barrier with greater user control

    Fortanix solution ensures that a compromised wallet backend system does not lead to loss of end users’ digital assets. This means that end-users do not need to trust wallet providers as they maintain control of access to their digital wallet.

  • Demonstrate compliance and reduce operational risk

    The Fortanix design reduces operational risk dramatically for cryptocurrency and digital asset custody organizations. As governments move to introduce greater compliance controls on DeFi and cryptocurrency businesses, it’s now possible to adhere to compliance by demonstrating that the users’ assets cannot be spent without the user’s approval.