Our security architecture
Multiple independent layers of security — each verifiable, each designed to eliminate the need to trust any single party.
Trusted Execution Environments
All 0xKey applications and services run in AWS Nitro Enclaves — isolated compute environments where not even AWS or 0xKey staff can access your private keys. Memory is encrypted and the environment is tamper-proof.
End-to-end Key Encryption
Private keys are generated inside enclaves and encrypted before any external storage. The encryption key is sealed to the enclave hardware — decryption is only possible inside the same TEE.
Cryptographic Verifiability
Every enclave produces a signed attestation you can verify yourself. You can check exactly what code is running, confirm it matches our open-source repository, and verify no tampering has occurred.
Non-custodial Architecture
0xKey is structurally non-custodial. The cryptographic design ensures that 0xKey staff cannot access, move, or steal user funds — even if they wanted to.
Reproducible Builds
Our enclave code is compiled with reproducible builds. Anyone can compile the source and verify the resulting binary hash matches what's running in production.
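An added example (not 0xKey's code) of the comparison that the Cryptographic Verifiability and Reproducible Builds sections describe: matching the measurements of a locally built enclave image against the PCR values in an attestation document. It assumes the attestation document's signature and certificate chain were already verified and its PCR map decoded; the function names are hypothetical and the sample measurements are constructed.

```python
import hmac
import json

PCR_LEN = 48  # Nitro PCRs are SHA-384 digests (48 bytes)
CHECKED = ("PCR0", "PCR1", "PCR2")  # image file, kernel + bootstrap, application

# Constructed sample in the output shape of `nitro-cli build-enclave` (values made up).
LOCAL_BUILD_JSON = json.dumps({"Measurements": {
    "HashAlgorithm": "Sha384 { ... }",
    "PCR0": "a1" * 48, "PCR1": "b2" * 48, "PCR2": "c3" * 48}})


def pcr_bytes(value):
    """Accept hex text or raw bytes; return exactly 48 bytes or raise."""
    raw = bytes.fromhex(value) if isinstance(value, str) else bytes(value)
    if len(raw) != PCR_LEN:
        raise ValueError(f"PCR must be {PCR_LEN} bytes, got {len(raw)}")
    return raw


def compare_measurements(local_build_json, attested_pcrs):
    """Return (ok, problems). attested_pcrs maps PCR index -> hex or bytes,
    taken from an attestation document whose signature is already verified
    (assumption: that verification happens before this function is called)."""
    local = json.loads(local_build_json)["Measurements"]
    problems = []
    for name in CHECKED:
        index = int(name[3:])
        if index not in attested_pcrs:
            problems.append(f"{name}: missing from attestation")
            continue
        try:
            expected = pcr_bytes(local[name])
            got = pcr_bytes(attested_pcrs[index])
        except (KeyError, ValueError) as exc:
            problems.append(f"{name}: {exc}")
            continue
        if got == bytes(PCR_LEN):
            # Debug-mode enclaves attest all-zero PCRs, which prove nothing.
            problems.append(f"{name}: all zeros (debug-mode enclave)")
        elif not hmac.compare_digest(expected, got):
            problems.append(f"{name}: differs from local build")
    return (not problems, problems)
```

A mismatch in any of the three values means the running image is not the one built locally, and an all-zero value means the enclave was started in debug mode.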
Audit Trail
Every key operation is logged with a cryptographic record. Logs cannot be altered retroactively, providing a tamper-proof audit trail for compliance and forensics.
Independent security audits
We regularly engage leading security research firms to audit our code, infrastructure, and processes.
Trail of Bits (Q1 2025)
Zellic (Q2 2025)
Cure53 (Q3 2025)
SOC 2 Type II (2026)
Responsible Disclosure
We take security vulnerabilities seriously. If you discover a security issue in 0xKey's products or infrastructure, please report it responsibly. We appreciate the security community's help in keeping our platform safe.