Home/Digital Asset Custody

Solution

Custody without stored keys.

Eliminate the single largest risk in digital asset infrastructure: private keys that exist at rest. Lokblok® replaces key storage with ephemeral, policy-controlled reconstruction: no keys, no shares, no backups.

$3.1BStolen from exchanges, H1 2025
$1.4BBybit breach, single event
100%Major breaches involved key compromise
0Lokblok® keys at rest

THE PROBLEM

Crypto custody still runs on a fragile assumption.

"Keys must exist, and must be protected."

So the industry built layers around it:

Cold walletsHSMsMPC / TSSVaults and backups

The core problem remains unchanged

Keys exist
Shares exist
Recovery material exists

Which means

They can be stolen
They can be leaked
They can be misused
They create liability

Even the most "secure" systems are just better ways of managing exposure.

THE LOKBLOK APPROACH

Remove the keys.
Keep the control.

Lokblok replaces stored private keys with ephemeral, policy-controlled reconstruction. Using Phantom Secrets™:

Keys are never stored
No MPC shares sit on nodes
No seeds exist in backups
No custodian holds persistent access

Instead:

Keys are deterministically reconstructed inside hardware
Only when identity, policy, and context are satisfied
Used once
Immediately destroyed

What This Changes

From storageto execution

You stop protecting keys and start controlling when they can exist.

From custodyto policy

Access is governed by cryptographic conditions, not key ownership.

From risk managementto risk removal

There is no static attack surface to defend.

HOW IT WORKS

Five layers. Zero persistent keys.

ToughID™, Lokblok® hardware-bound identity attestation device1

ToughID™

Identity defines who can act

  • Hardware-bound identity for every operator
  • No passwords or shared credentials
  • Biometric + hardware verification
Secure Terminal™, Lokblok® hardware execution layer2

Secure Terminal™

Environment defines where it happens

  • High-risk actions in attested environments only
  • No compromised laptops triggering withdrawals
  • Cryptographic environment attestation
Phantom Gate™, Lokblok® zero-trust authentication gateway3

Phantom Gate™

Policy defines when it is allowed

  • Multi-party approval (trader + treasury + compliance)
  • Context-aware rules (amounts, timing, conditions)
  • Cannot be bypassed by compromised UI
Phantom Secrets™, Lokblok® zero-persistence key reconstruction module4

Phantom Secrets™

Phantom Secrets executes the action

  • Key reconstructed inside secure hardware
  • Transaction signed
  • Key immediately destroyed
Toughkey™, Lokblok® cryptographic hardware key5

Toughkey™

Hardware provides the trust root

  • Certified secure enclave for key reconstruction
  • Tamper-resistant execution environment
  • No key material leaves the hardware boundary

What Never Exists

No long-lived private keys or shares exist anywhere in the system.

Stored private keys

MPC shares parked on servers

Seed phrases or recovery blobs

Backup key material

USE CASES

Every custody model. Covered.

Exchanges & Brokerages

  • Hot/warm wallet signing without stored keys
  • Treasury rebalancing with enforced multi-party approval
  • Admin actions governed by identity + policy

Custodians

  • No persistent custody risk
  • Client assets cryptographically segregated
  • Recovery without seed phrases

Staking & Validators

  • Validator keys derived per node / epoch
  • No long-lived validator keys
  • Machine identity enforced via attestation

Institutional DeFi / RWA

  • Governance keys instantiated only when required
  • Identity-linked approvals for regulated workflows
  • No vault-based key exposure

REGULATORY ALIGNMENT

MiCA and beyond: exceeded, not just met.

Phantom Secrets exceeds MiCA expectations for private key protection by eliminating persistent keys altogether, not just protecting them better.

Private key protection

Eliminates persistent keys entirely
Removes primary breach vector

Asset segregation

No custodian-level key ownership
No co-mingling risk

Operational resilience

Zero-trust architecture
Hardware-attested execution

Auditability

Every action tied to identity, policy, and context
Cryptographically signed

WHY THIS MATTERS COMMERCIALLY

The business case is the security case.

Reduce custody liability

No stored keys = no key compromise exposure

Lower compliance burden

Architecture aligns with regulatory direction

Improve security posture

No static targets for attackers

Simplify operations

No key rotation, backup, or shard management

Enable better UX

No seed phrases. No recovery friction.

COMPARED TO EXISTING MODELS

Every current model stores something.

ModelProblem
Cold storage
Keys still exist
HSM
Keys persist in hardware
MPC / TSS
Shares still exist
Vaults
Backups create exposure
Lokblok®
No keys.
No shares.
No backups.

Sits on top of your existing stack

Compatible with wallet infrastructure, HSM / MPC systems, node architecture, and custody workflows. No rebuild required: replace key storage with Phantom Secrets and add the identity + policy control layer.

Products Used in This Solution

Five products. One connected architecture.

Phantom Secrets™, Lokblok® zero-persistence key reconstruction modulePhantom Secrets™Phantom Gate™, Lokblok® zero-trust authentication gatewayPhantom Gate™Secure Terminal™, Lokblok® hardware execution layerSecure Terminal™ToughID™, Lokblok® hardware-bound identity attestation deviceToughID™Toughkey™, Lokblok® cryptographic hardware keyToughkey™

The outcome

Custody doesn't need better protection.
It needs a different model.

Lokblok removes the thing every attacker is looking for: the key.

Get In TouchSee Architecture