Securing Self-custody Digital Assets on Hybrid Blockchains with Zero Trust

Cordial Systems is a leader in the custody technology space for digital assets. They are a trusted partner to some of the largest cryptocurrency firms, as well as traditional securities exchanges and fintechs, bringing capital markets on-chain. Cordial’s technology solutions encompass cutting-edge cryptography, zero-trust security principles, and security innovation that is designed to work in the traditional banking   world.

As such, Cordial’s clients are highly sophisticated in their technology procurement and approach to vendor risk management. They need to see evidence of a mature cybersecurity program and a product that is not a black box. Part of this includes a widely scoped and detailed 3rd party annual penetration test with specific threat modelling to their flagship   product, Cordial Treasury.

Cordial chose Software Secured for their previous experience working with both fintechs and traditional banks in the US market, as well as their tailored approach to threat modelling. Their security assessments have provided assurance to clients, including, but not limited to: Google, Meta, JP Morgan Chase, Bank of America, as well as State and Federal   Government units across North America. The focus of this exercise was to uncover potential vulnerabilities in the Cordial Treasury application using   a combination of application and network penetration testing techniques.

To replicate a client deployment, Software Secured:

●     Mapped every component of the hybrid deployment, on-premise nodes, private cloud, GCP-hosted services, and overlaid threat scenarios against each service (Cordial Systems | Digital Asset Custody and Settlement).

●     Designed custom test plans targeting the Admin API (for leakage of organization names, emails, employee data) and the Oracle API (for blockchain addresses and Treasury instance metadata).

●     Integrated threat-modelling sessions with Cordial’s engineering team to ensure a deep understanding of their unique MPC-based (Multi-party Computation), zero-trust architecture.

CTO Conor Patrick emphasizes the importance of clarity in self-custody:

“A good self-custody technology should empower users to always understand what they’re signing, and give them tools tobuild clear policies around wallet usage. Software Secured’s testing validated those controls end-to-end.”

As a result of the engagement:

- Cordial Systems was provided with a detailed report confirming that their flagship product, Cordial Treasury, is robust and well-suited to the needs of a regulated industry such as finance and digital assets.

- Cordial’s team gained actionable insights and implementation support, bridging the gap between vulnerability findings and secure, production-ready fixes, and a roadmap for consideration in further developing the product.

- Cordial Systems gains further validation in their approach to security and running a mature audit program in keeping with the expectations of their clients.

Nicolas Stalder, CEO & Co-Founder, sums up the impact:

“As custodians of digital assets, you should actually custodize assets, not outsource. Software Secured helped us prove that our custody technology truly delivers on that promise for our clients in both the cryptocurrency and traditional finance world.”

By focusing on the precise risks Cordial’s customers worried about, API data leakage, hybrid-cloud resilience,and SOC 2 readiness, Software Secured enabled Cordial Systems to strengthen their security posture, satisfy compliance mandates, and reinforce trust with some of the most security-savvy organizations in digital assets and traditional finance.

‍