CertiK and Safeheron, an enterprise key self-custody service provider, are joining forces to raise the standard of transparency in private key management.
The result of this collaboration is “a new verification mechanism to help users ensure projects have adopted enhanced private key management solutions.”
Directly or indirectly, many Web3 projects “manage funds through a smart contract or an individual account address.” This can create “a single point of failure, leaving projects and users highly vulnerable if these addresses become compromised, either due to private key leakage or a malicious exit scam.”
Blockchain security firms, like CertiK, call out these centralization risks “during security reviews.”
In addition to warning users of the risks they may be “taking on by interacting with a protocol, security reviews also propose remediations that reduce or eliminate the risk.”
Providers of private key self-custody services, “like Safeheron, offer institutional-grade multi-party computation (MPC) solutions to reduce such centralization risks.”
However, while CertiK and other security auditors “can propose remediations, their final implementation is in the hands of the project owners.” The adoption rate of these solutions has, until now, “remained opaque to the broader public.”
In this joint effort, Safeheron now “provides interfaces for CertiK and other security companies to verify if a project address is indeed protected by a key custodian solution.”
This transparency assists security auditors and users in “verifying that projects have in fact adopted measures to mitigate centralization risks.”
This collaboration between CertiK and Safeheron “delivers a powerful new tool to the public, a tool built on the transparency that defines Web3.”
Together, the two companies urge other stakeholders to join them on their mission “to raise the standards of transparency and security across the Web3 world.”
In another update, it was noted that CertiK evaluated Safeheron’s open-source Trusted Execution Environment (TEE)-based RSA key sharding solution, “based on Intel® SGX, and identified a vulnerability that could potentially allow privileged attackers with local access to extract confidential data from the SGX enclave.”
Safeheron promptly acknowledged “the vulnerability highlighted by CertiK and has already implemented fixes to address the issue.”
Safeheron’s agile response to the threat “identified is testament to their commitment to security and dedication to enhancing their open-source TEE-based RSA key sharding solution.”
Kang Li, Chief Security Officer at CertiK, said:
“We commend Safeheron for their swift and responsible action. Their approach to rapidly addressing these issues, in addition to their ongoing commitment to open-source solutions, is a testament to their dedication to providing a secure MPC self-custody platform for digital assets.”