editorial
Certik and Safeheron, a provider of enterprise key self-custody services, have partnered to improve transparency in private key management. The collaboration aims to create a verification mechanism that allows users to ensure projects have implemented enhanced private key management solutions. Many Web3 projects manage funds through a smart contract or individual account address, which can create a single point of failure. This leaves projects and users vulnerable to private key leakage or malicious exit scams. CertiK and other blockchain security firms highlight these centralization risks during security reviews and propose remediations to reduce or eliminate the risks. Private key self-custody service providers, like Safeheron, offer institutional-grade multi-party computation solutions to mitigate these centralization risks. However, the adoption rate of these solutions has remained unclear to the public. In this joint effort, Safeheron provides interfaces for CertiK and other security companies to verify if a project address is protected by a key custodian solution. This transparency helps security auditors and users verify that projects have implemented measures to mitigate centralization risks. The collaboration aims to raise transparency and security standards in the Web3 world. CertiK recently evaluated Safeheron’s Trusted Execution Environment-based RSA key sharding solution and identified a vulnerability that could allow privileged attackers to extract confidential data. Safeheron promptly addressed the issue, demonstrating their commitment to security and enhancing their open-source solution. Kang Li, Chief Security Officer at CertiK, praised Safeheron for their agile response to the vulnerability.
Follow crowdfundingmagazine on Instagram: @crowdfundingmagazine_it
