How We Secure Client Assets With Robust Institutional Security
Since launching our services in December 2021, our utmost priority has been to build and grow an institutional-grade infrastructure that our clients can entrust with the security of their digital assets, as well as that of their own customers and community. Within a year of operation, we have set and achieved numerous milestones to create a safe, compliant, and regulated environment that supports the adoption and participation of institutions in the digital asset economy.
Now more than ever, the industry must come together to provide participants with reassurance that the necessary governance controls and security measures are implemented to ensure that their assets remain safe and in their control.
We address such concerns here by offering a comprehensive overview of our business and technology infrastructure.
Ceffu Operates as an Independent Custodian
Ceffu offers integrated custody services that allow institutional clients to safely store their assets in cold storage while also benefiting from a wide range of innovative liquidity products by way of its connection to the Binance ecosystem. While this connection provides fast and convenient access to such venues, Ceffu operates a separate, dedicated platform with segregated account and wallet systems. This means that client assets deposited in our cold wallet solution are never commingled with other clients’ assets, our own assets, nor with assets of other parts of the Binance ecosystem.
Each segregated account system comes with login risk controls, multi-factor authentication processes, multi-approval schemes for sensitive operations (such as address white-listing and withdrawals) and fraud prevention measures. All assets under our custody are covered by our cold storage specie insurance, which was obtained from Arch at Lloyd’s of London after an independent evaluation of our security and risk management protocols.
On-Chain Visibility of Client Funds
The industry coming together to champion full transparency by publishing their proof of reserves is the right step forward to restore trust and credibility.
Through our Qualified Wallet, clients can already benefit from this level of transparency by having their own dedicated on-chain wallet addresses, which only contain their own funds. This proof can be verified directly on the blockchain: clients have full visibility that the only movements in and out of their wallet belong to them.
The ownership and control of assets remains solely with our clients at all times, not with Ceffu.
Held to Stringent Compliance Policies
Ceffu is run out of Bifinity UAB, registered as a deposit virtual currency wallet operator and exchange operator, and supervised by the local Finance Investigation Unit in Lithuania.
Our Board of Directors ensures strong corporate governance of the Ceffu business. It upholds the fiduciary duty to put the interest of our clients first and to protect their assets at all times. This duty most notably prohibits us from ever reusing our clients’ assets without their consent.
Our comprehensive governance, risk and compliance policies and procedures undergo continuous reviews to manage key risks with regard to Anti-Money Laundering (AML), technology and cybersecurity, custody of assets, and business continuity. These policies and procedures provide added layers of security and peace of mind that clients’ accounts and funds are always protected.
Audited by Third-Party Firms
Our solutions are ISO 27001 and 27701 certified. These standards assess an organization’s security and privacy controls respectively and ensure that all the right measures are implemented to safeguard our users.
We are also SOC 2 Type 1 compliant, which attests to our cybersecurity controls at a single point in time, and are in the process of obtaining our SOC 2 Type 2 attestation. This qualification requires auditors to analyze how Ceffu safeguards customer data and how well those controls are operating over a period of time.
Additionally, our platform undergoes penetration tests performed by a third-party security firm. These tests simulate authorized cyberattacks against computer systems to evaluate our security architecture. Our last pen test was completed recently and we will continue to undergo pen testing on an annual basis. Other security exercises, including phishing tests, are also conducted periodically to ensure our systems are highly protected.
Zero Trust Architecture
Building a ‘trustless’ platform that removes implicit reliance at each phase of our digital interaction is one of the main pillars of Ceffu's design. This setup significantly reduces the risk of malicious insiders and bad actors surreptitiously manipulating data, and it eliminates single points of failure by combining Multi-Party Computation (MPC) cryptography with hardware isolation as our foundation to protect our clients’ assets.
Our key management solution is based on the Threshold Signing Scheme (TSS), and key shares are generated on separate, air-gapped FIPS 140-2 compliant devices. TSS is an MPC mechanism which requires M out of N key shares (e.g. 3 out of 5) to validate a transaction for signing. MPC works by splitting the traditional private key into multiple pieces and distributing them in multiple places, ensuring that no one person has full access to the private key and that it is never reconstituted in full.
—
There is still much to be done as an industry to develop this ecosystem into the mature and safe environment that we all envision and work towards. At the heart of this ecosystem lies fundamental trust that is rightfully earned by building innovative and secure solutions that protect user assets and positively contribute to the sustainable growth of the digital asset economy.
As we approach our first full year of operation, we would like to thank all of our clients for placing their trust in our custody infrastructure and look forward to supporting more institutions with the security of their assets. Should you have any questions about our operations or suite of custody products, please contact our team.
About Ceffu
Ceffu is a compliant, institutional-grade custody platform offering custody and liquidity solutions. Its multi-party computation (MPC) technology, combined with a customizable multi-approval scheme, provides bespoke solutions allowing institutional clients to safely store and manage their digital assets through its insured, segregated cold storage solution, Qualified Wallet. Institutions also benefit from Ceffu’s secure gateway to a wide range of liquidity products within the Binance ecosystem as Binance’s institutional custody partner.