Blockchain infrastructure for custody providers

One compromised key and customer funds vanish permanently. Regulators, insurers, and clients all demand proof that your architecture prevents that outcome. The solution includes the wallet infrastructure and operational controls that satisfy every party at the table.

Why custody providers choose us

We solve the problems that make insurance underwriters walk away from the table.

Security without slowing operations

Your hot wallet balance is the answer to a brutal question. How much can you afford to lose in a single incident? Cold storage protects assets but leaves clients waiting hours for withdrawals. Hot wallets serve clients instantly but sit exposed to every attack vector in production. Most custody operators toggle between these extremes and hope the balance they picked today still makes sense tomorrow.

The solution includes tiered wallet architectures where hot, warm, and cold layers rebalance automatically against configurable exposure thresholds. Funds sweep from cold to warm to hot as withdrawal demand rises and fall back to deeper storage when operational volume drops. Each tier enforces its own signing policy, rate limits, and allowlisted destinations. The hot wallet never holds more than the operator has explicitly chosen to risk, and that number adjusts in real time rather than sitting in a spreadsheet.

Key management that prevents single points of failure

MPC eliminates the single private key as a point of failure, but it introduces operational complexity that most teams underestimate. Key generation ceremonies need witnesses and tamper-evident logging. Shard holders leave the company and their shares need resharing without reconstructing the original secret. Backup procedures must survive the scenario where two data centers go offline simultaneously. The cryptography is the easy part. The human procedures around it are where custody operations actually break.

The architecture integrates MPC signing infrastructure with documented ceremony procedures, shard rotation playbooks, and disaster recovery plans that auditors and insurance underwriters accept as evidence of control. No single person or device can authorize a withdrawal above the policy threshold. Key generation produces verifiable audit records. When personnel change, resharing rotates their shard out of the signing group without service interruption and without ever exposing the underlying secret material in cleartext.

Monitoring that catches problems before they become losses

On-chain transactions settle in seconds and never reverse. Withdrawal rate limiting and anomaly detection are the last line of defense after every other control has failed. Most custody platforms generate reports that tell the compliance team what happened yesterday. By the time anyone reads the report, the funds have already moved through three mixers and two bridges.

The solution includes withdrawal monitoring that evaluates every outbound transaction against velocity rules, destination allowlists, and behavioral baselines before the transaction broadcasts. Anomalous patterns trigger automated holds that require manual release from a second authorized party. Every wallet action produces a tamper-evident audit log with signer identity, approval chain, and policy evaluation results. Alerts propagate to your security team with the full decision context so they act on evidence instead of spending the first hour reconstructing what happened.
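The pre-broadcast evaluation described above, as an added example that is not the vendor's code: a per-address velocity limit, a hold on first-time destinations that only a second party can release, and a hash-chained audit log whose tampering is detectable. The class, function and field names and the thresholds are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # "previous hash" of the first audit record

def _digest(prev, record):
    return hashlib.sha256((prev + json.dumps(record, sort_keys=True)).encode()).hexdigest()

class WithdrawalGate:  # hypothetical class: policy checks run before broadcast
    def __init__(self, allowlist, limit, window_s):
        self.allowlist, self.limit, self.window_s = set(allowlist), limit, window_s
        self.sent = []    # (ts, dest, amount) cleared for broadcast
        self.holds = {}   # tx_id -> (ts, dest, amount, signer) awaiting release
        self.audit = []   # hash-chained decision records

    def _log(self, **record):
        prev = self.audit[-1]["hash"] if self.audit else GENESIS
        self.audit.append({"prev": prev, "record": record, "hash": _digest(prev, record)})

    def evaluate(self, tx_id, ts, dest, amount, signer):
        reasons = []
        if dest not in self.allowlist:
            reasons.append("first_time_destination")
        recent = sum(a for t, d, a in self.sent if d == dest and ts - t < self.window_s)
        if recent + amount > self.limit:
            reasons.append("velocity_limit")
        if reasons:
            self.holds[tx_id] = (ts, dest, amount, signer)
        else:
            self.sent.append((ts, dest, amount))
        decision = "hold" if reasons else "broadcast"
        self._log(tx=tx_id, dest=dest, amount=amount, signer=signer,
                  decision=decision, reasons=reasons)
        return decision, reasons

    def release(self, tx_id, approver):
        if approver == self.holds[tx_id][3]:  # the signer cannot self-release
            self._log(tx=tx_id, approver=approver, decision="release_denied")
            return False
        self.sent.append(self.holds.pop(tx_id)[:3])
        self._log(tx=tx_id, approver=approver, decision="released")
        return True

def verify_chain(audit):
    prev = GENESIS  # recompute every link; an edited record breaks the chain
    for entry in audit:
        if entry["prev"] != prev or _digest(prev, entry["record"]) != entry["hash"]:
            return False
        prev = entry["hash"]
    return True
```

Held withdrawals do not count toward the velocity window until a second party releases them, so a burst of rejected attempts cannot lock out legitimate traffic to the same address.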

A regulated custodian needed to pass an insurance underwriting review while migrating away from a single signing setup.

The custodian holds client assets across one hot wallet controlled by two cofounders sharing a hardware device. Their insurance application stalled because the underwriter flagged the lack of key segregation, the absence of documented ceremony procedures, and no withdrawal anomaly detection. The custodian also faces a US qualified custodian assessment in four months. They need to overhaul the architecture without freezing client withdrawals during the transition and without the key migration itself becoming a security event.

The approach includes a three-tier wallet system where cold vaults hold the reserve, warm wallets carry a rolling operational float, and hot wallets are sized to peak hourly withdrawal volume with an automatic ceiling. MPC signing with a 3-of-5 shard policy replaces the shared hardware device, and a formal key ceremony with witnessed generation and encrypted shard distribution produces the audit artifacts the underwriter requires. Withdrawal monitoring enforces per-address velocity limits and flags first-time destinations for manual approval. The migration runs wallet by wallet over three phases so client operations never pause and the old signing keys are provably destroyed at each stage.

Architecture: Three-tier with auto ceiling
Signing: MPC 3-of-5 shard policy
Compliance: Insurance and QC ready
Migration: Phased with provable key destruction

What we deliver

Production infrastructure, not security theater.

Tiered wallet architecture with exposure ceilings
Hot, warm, and cold layers with automated rebalancing, per-tier signing policies, and configurable maximum exposure thresholds that adjust to withdrawal volume.
MPC signing infrastructure and ceremony procedures
Shard generation with witnessed ceremonies, encrypted distribution, rotation playbooks for personnel changes, and disaster recovery that satisfies insurance underwriters.
Policy engine and approval workflows
Transaction evaluation against velocity rules, destination allowlists, and value thresholds with escalation paths and time delays for movements above policy limits.
Withdrawal anomaly detection and automated holds
Behavioral baseline monitoring that flags deviations and holds suspicious transactions for second-party release before broadcast.
Key lifecycle management
Documented procedures for generation, rotation, backup, shard resharing, and secure destruction with tamper-evident audit trails at every stage.
Regulatory and insurance readiness packages
Control evidence, architecture documentation, and reporting artifacts mapped to US qualified custodian requirements, EU DORA, and MiCA custody provisions.

FAQs

We currently use a shared hardware wallet. Can you migrate us to MPC without freezing client withdrawals?
Yes. The migration runs wallet by wallet in phased stages so client operations never pause. New MPC signing infrastructure goes live alongside the existing setup, funds move over incrementally, and old keys are provably destroyed at each stage. The entire transition produces the audit artifacts your insurance underwriter needs.
What do you need from us to get started, and how long does a custody infrastructure build take?
We need your current wallet architecture documentation, your regulatory and insurance requirements, and your withdrawal volume data. A typical build runs ten to fourteen weeks from discovery through production deployment. We start with a paid scoping phase to map your specific compliance obligations before committing to a timeline.
We have an insurance underwriting review coming up. Can Gatekick produce the control evidence we need?
Yes. Deliverables include documented key ceremony procedures, a control matrix mapping each architectural safeguard to the specific framework your underwriter assesses against, and tamper-evident audit logs for every wallet operation. We have built for both US qualified custodian assessments and EU MiCA custody provisions.
How is a custody engagement priced, and do you offer ongoing support after launch?
The initial build is typically a fixed-fee engagement covering architecture, deployment, and the compliance documentation package. Ongoing support covering key rotation, shard resharing when personnel change, and monitoring infrastructure is available as a separate retainer. We scope both during the discovery phase so you have full cost visibility before committing.
