Security That Survives Compromise

Unlike traditional custody and MPC solutions that concentrate risk in cloud infrastructure, Multi-Layer Security Wallet uses multiple independent validation layers. Each layer can block malicious transactions—even if the others are compromised. This architecture delivers three key benefits:
  • Cloud compromise immunity. On-chain enforcement protects assets even during complete infrastructure compromise—blocking the #1 attack vector in digital assets.
  • No single point of failure. An attacker would need to simultaneously compromise your signers, Den’s servers, and the blockchain itself.
  • Verifiable security. On-chain policies are auditable. Your engineering teams, auditors, and regulators can verify controls independently, in real time.

The Three Security Layers

In Multi-Layer Security Wallet, the three redundant layers of security are:
  1. The dedicated signing client (mobile wallet or SDK)
  2. The off-chain “Guardian” service
  3. The on-chain smart contracts
In order to execute a transaction, all three layers independently run the policy engine to verify that the transaction is valid.

[Diagram: Multi-Layer Security Wallet security layers]

How the Three Layers Work Together

When a transaction is initiated, it passes through each layer in sequence. Every layer must independently validate the transaction before it can execute.
  1. The dedicated signing client runs the policy engine locally. The first layer of defense happens on the client side, before any transaction data leaves the device. The validation flow differs depending on how the client accesses the wallet:
    • SDK: The policy engine validates the transaction before generating signing data. If validation fails, the SDK throws an error before generating valid data for a key to sign.
    • Mobile wallet: The policy engine validates the transaction before presenting it for approval. If validation fails, the wallet does not allow the user to sign.
  2. The off-chain Guardian service runs the policy engine on a secure server. After all signers approve across their clients, the transaction reaches the Guardian service for independent validation. The Guardian verifies that the transaction meets all policy requirements and that all required approvals are present. If any check fails, the Guardian rejects the transaction.
  3. The smart contracts run the policy engine on-chain. The final layer of defense lives on the blockchain itself. The smart contracts verify that the transaction meets all policy requirements and that all required approvals are present. If any check fails, the transaction reverts.
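
The sequence above, modelled as an added illustration (not Den's code or API): each layer evaluates the same policy independently, and a compromised layer is treated as one whose checks have been bypassed. The policy fields, layer names and sample transactions are assumptions made for this sketch.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:  # hypothetical policy shape, not the product's schema
    allowed_recipients: frozenset
    max_amount: int
    signers: frozenset
    threshold: int

@dataclass(frozen=True)
class Tx:
    recipient: str
    amount: int
    approvals: frozenset = frozenset()

def violations(policy, tx, check_approvals):
    """Evaluate the policy; an empty list means the transaction is valid."""
    found = []
    if tx.recipient not in policy.allowed_recipients:
        found.append("recipient not allowlisted")
    if tx.amount > policy.max_amount:
        found.append("amount over limit")
    if check_approvals and len(tx.approvals & policy.signers) < policy.threshold:
        found.append("required approvals missing")
    return found

# (layer name, checks approvals?) in the order the page describes.
# The client validates before signing, so approvals do not exist yet there.
LAYERS = [("signing client", False), ("guardian", True), ("smart contracts", True)]

def run(policy, tx, compromised=frozenset()):
    """Return (executed, blocking_layer, reasons). A compromised layer is
    modelled as one whose checks have been bypassed entirely."""
    for name, check_approvals in LAYERS:
        if name in compromised:
            continue
        reasons = violations(policy, tx, check_approvals)
        if reasons:
            return False, name, reasons
    return True, None, []

# Constructed sample data.
POLICY = Policy(frozenset({"0xTREASURY"}), 1_000,
                frozenset({"alice", "bob", "carol"}), 2)
GOOD = Tx("0xTREASURY", 500, frozenset({"alice", "bob"}))
DRAIN = Tx("0xATTACKER", 900, frozenset({"alice", "bob"}))

if __name__ == "__main__":
    print(run(POLICY, GOOD))
    print(run(POLICY, DRAIN))
    print(run(POLICY, DRAIN, {"signing client", "guardian"}))
```

With the client and Guardian both marked compromised, the policy-violating transaction is still rejected at the on-chain layer; it executes only when all three layers are bypassed.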