Fireblocks Direct Custody Principles

Our Commitment to Security: Direct Custody Principles

Fireblocks is a direct custody platform delivering a specific implementation of self-custody where we seamlessly blend zero counterparty risk with multiple layers of security in the most performant manner.

With Fireblocks, you are 100% the owner and controller of your assets. Where and how you store your assets is always within your control.

Here are the five key principles of the Fireblocks direct custody model.

1. Provide a zero counterparty risk environment

Fireblocks never has access to your full private key, whether it is being generated, used to sign transactions, or backed up. That means:

  • Fireblocks does not manage your funds.
  • Funds are never stored in an omnibus account or commingled with any other customer funds. 
  • Every customer has a segregated set of keys on segregated on-chain addresses.
  • Customer funds are never converted to on-balance sheet assets of Fireblocks.  
  • All your assets and transactions are recorded on the relevant blockchain without the intervention or assistance of Fireblocks personnel. 
  • Fireblocks cannot move your assets without your signature. 
  • Fireblocks cannot block you from accessing and releasing funds. 

2. Eliminate internal and external attack vectors

Fireblocks deploys multiple layers of security to defend against internal collusion, cyber attacks, and human error. That means:

  • Fireblocks utilizes MPC-CMP, an open-source and peer-reviewed algorithm developed by the Fireblocks cryptography team in 2020. 
  • MPC-CMP removes the single point of failure: the cryptographically related MPC key shares are never generated or gathered in one place during key creation, key rotation, transaction signing, or the adding of new users.
  • At no point does Fireblocks have enough key shares to unilaterally sign a transaction without the client’s initiation and signature, as it doesn’t have access to the required quorum of MPC key shares.
  • MPC-CMP key shares are implemented across multiple Trusted Execution Environments (Intel SGX), meaning that the algorithm code is signed and validated by hardware. 
  • If a rogue admin or external attacker gains access to the SGX-hosted server, they cannot modify the algorithm or view the key share, as both the algorithm runtime and the key share are protected by hardware in storage and memory.
  • Customer funds are protected from internal collusion (your organization and Fireblocks personnel). 
  • User and transaction policy rules are encrypted and implemented within SGX, where policies cannot be modified without the approval of your designated admin quorum, requiring full hardware-to-hardware multi-factor authentication.
  • Fireblocks conducts multiple third-party code reviews on an annual basis to ensure the MPC-CMP algorithm has no backdoors or vulnerabilities.

3. Guarantee business continuity

Fireblocks provides disaster recovery options for (a) how you recover from a loss of access to your keys and (b) how you recover in the event of Fireblocks service disruptions. That means: 

  • Your Key Recovery backup package gives you access to break-the-glass recovery, which enables you to load your MPC keys in a different wallet (i.e., non-Fireblocks software) and move your assets without being dependent on Fireblocks (https://github.com/fireblocks/fireblocks-key-recovery-tool).
  • Fireblocks supports “social recovery”, which means that if one of the users or servers in the organization is unable to access the key share, a different user can recover it together with the Fireblocks key shares.
  • In addition, when you create your MPC key share on your phone, it is encrypted using a passphrase that only you know. The key share is backed up on our servers in case you lose or damage your phone.
  • Fireblocks cannot access the underlying key share beyond reinitiating it into your new device because the key share is encrypted with your chosen passphrase.
  • If Fireblocks suffers financial distress or enters insolvency, your assets are unavailable to creditors of Fireblocks.  
  • If Fireblocks is hacked, your assets will remain safe as they are not commingled with Fireblocks’ assets.

4. Ensure granular control and visibility of every transaction

Fireblocks provides granular policy controls for moving funds in and out of your wallets, with audit trails into every transaction stage. That means:

  • You define user access and transaction policies based on source, destination, asset, and amount. Fireblocks continuously evolves the transaction policy rules to smart-contract interactions, DeFi, staking, and more.
  • Policy rules determine whether a transaction is blocked, approved, or requires additional signers.
  • Funds cannot be transferred out of your wallet(s) without quorum approval. A rogue employee, compromised device, or Fireblocks personnel cannot move your assets.
  • KYT (Know Your Transaction) filters block suspicious funds from entering your wallets and prevent funds from being sent to known bad actors.
  • You have audit trails and reporting for every approved, rejected, blocked, and failed transaction entering and leaving your wallet.

5. Deliver high performance with ease of use

Fireblocks operates with the highest performance in an always-available and easy-to-use platform. That means:

  • You have secure 24/7 access to deposit or withdraw assets. 
  • Assets are instantly transferred and settled on-chain between counterparties, exchanges, or fiat on/off ramps through the Fireblocks Network.
  • Deposit addresses are automatically authenticated and rotated to provide transaction-level privacy on the blockchain. 
  • Transactions are authorized either using servers or a mobile device, and secured with your biometrics, passcode, or hardware authentication device. 
  • Any ERC-20 compatible token can be automatically supported in your wallets.
  • Fireblocks operates its blockchain nodes to ensure efficient and optimized transaction execution.
  • The Fireblocks platform can be fully automated and optimized for usage through APIs and various deployment environments.
  • Fireblocks operates on a strict SLA with 24/7/365 support and engineering monitoring. Temporary disruptions are reported on our status page: status.fireblocks.com.