zero trust custody

Prism Custody

Multi-network custody bridge. MPC-secured. Every inbound transaction verified by a validator node before a single asset moves outbound. Trust nothing that hasn't been validated.

MPC
key sharding
0
single points of failure
24/7
validator uptime
<400ms
verification latency
threat model

What keeps us up at night

Every bridge is a target. Every cross-network transfer is an attack surface. We designed Prism Custody assuming every component is compromised until proven otherwise.

critical — without us

Unverified inbound transactions

Assets accepted without cryptographic proof of origin. A single forged transaction drains the bridge.

critical — without us

Single-key custody

One compromised key, one compromised employee, one compromised HSM. Everything gone in one block.

mitigated — with prism

MPC threshold signing

No single party ever holds a complete key. Threshold signatures require distributed consensus before any outbound transfer.

mitigated — with prism

Validator-verified inbound

Every inbound transaction is verified by our validator node on the settlement layer before assets are released externally.

architecture

How a cross-network transfer works

Every transfer follows the same paranoid pipeline. No shortcuts. No fast lanes. No exceptions.

1. Inbound transaction detected

Assets arrive on the source network. The bridge listener captures the transaction and quarantines it.

2. Validator verification

Our validator node on the settlement layer independently verifies the transaction. Proof of origin, amount, and destination are cryptographically confirmed. Nothing proceeds without validator consensus.

3. MPC threshold signing

The outbound transaction is constructed and signed using distributed MPC. No single key holder can authorize the release. Threshold consensus is required.

4. Outbound release

Assets are released on the destination network only after all verification gates pass. The entire pipeline is logged, auditable, and irreversible.

5. Post-transfer attestation

A cryptographic receipt is generated and anchored to the settlement layer. Every transfer is provable after the fact.

validator node

Why we run a validator

Running a validator on the settlement layer isn't optional for us. It's the foundation of our security model. Without independent verification of inbound transactions, custody is just a promise. With a validator, it's a proof.

What our validator checks on every inbound transfer:

// prism-custody verification pipeline { "transaction_hash": "verified against source ledger", "origin_network": "authenticated", "amount": "matched to declared value", "destination": "confirmed in custody registry", "replay_protection": "nonce validated", "settlement_finality": "block confirmed on validator", "result": "RELEASE_AUTHORIZED | QUARANTINE" }

If any check fails, the transfer is quarantined. No manual override. No exceptions.

cross-network visibility

See everything. Trust nothing.

Operating a validator gives us direct visibility into transaction flows across the settlement layer. We don't rely on third-party oracles or external data feeds. We observe, verify, and attest independently.

This isn't surveillance. It's due diligence at the protocol level. Every value flow that touches our bridge is independently confirmed before we act on it. Institutional clients expect nothing less.

The bridge that can't see the river shouldn't carry the cargo.

secure your transfers

Ready to bridge without blind spots?

Prism Custody is available for institutional clients requiring MPC-secured cross-network transfers with validator-grade verification.

Request Access