Boring, observable, multi-signature.
Security isn't a marketing line — it's the operating model. This page documents the controls, the assumptions behind them, and what they don't cover.
Customer USDC and USDT are held in a Squads multi-signature wallet on Solana. No single signer can move funds. Withdrawal approvals require multi-party threshold signing with hardware-isolated keys.
≤5% of AUM in the hot wallet (instant withdrawals), 10% in warm (same-day), 85%+ in cold (queue-only). Tier rebalances are scheduled and audited.
On-chain reconciliation runs daily. Inflows and outflows are screened by Chainalysis. Anomalies trigger immediate review and automatic outflow pause.
Withdrawals only go to addresses on the user's allowlist. First-time addresses go through a 24-hour security review with step-up auth.
On-chain balances are reconciled against the ledger nightly. Discrepancies > 0.001% trigger an internal incident. Methodology is published.
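The nightly check described above can be sketched as follows. This is an added example, not the published methodology or code behind this page. The function names, the base-unit integer amounts (6 decimals assumed), measuring the discrepancy relative to the ledger figure, and the sample balances are all assumptions made for illustration.

```python
"""Nightly ledger vs. on-chain reconciliation (illustrative, added example)."""
from dataclasses import dataclass

# Threshold from the page: discrepancies > 0.001% trigger an incident.
# 0.001% = 1 part in 100_000, kept as integers so no float rounding is involved.
THRESHOLD_NUM, THRESHOLD_DEN = 1, 100_000


@dataclass(frozen=True)
class Finding:
    asset: str
    ledger: int      # liabilities per internal ledger, in base units
    on_chain: int    # summed treasury balances, in base units
    incident: bool


def exceeds_threshold(ledger: int, on_chain: int) -> bool:
    """True when |on_chain - ledger| / ledger > 0.001%, using integer math."""
    diff = abs(on_chain - ledger)
    if ledger == 0:
        # A percentage of zero is undefined; treat any non-zero
        # difference against an empty ledger as an incident.
        return diff != 0
    return diff * THRESHOLD_DEN > ledger * THRESHOLD_NUM


def reconcile(ledger: dict[str, int], on_chain: dict[str, int]) -> list[Finding]:
    """Compare every asset seen on either side; a missing side counts as 0."""
    findings = []
    for asset in sorted(set(ledger) | set(on_chain)):
        owed, held = ledger.get(asset, 0), on_chain.get(asset, 0)
        findings.append(Finding(asset, owed, held, exceeds_threshold(owed, held)))
    return findings


# Constructed sample data: amounts in base units (6 decimals assumed).
SAMPLE_LEDGER = {"USDC": 250_000_000_000_000, "USDT": 90_000_000_000_000}
SAMPLE_ON_CHAIN = {"USDC": 250_000_002_000_000, "USDT": 89_999_000_000_000}

if __name__ == "__main__":
    for f in reconcile(SAMPLE_LEDGER, SAMPLE_ON_CHAIN):
        print(f.asset, "INCIDENT" if f.incident else "ok", f.on_chain - f.ledger)
```

In the sample, a 2 USDC surplus on a 250M ledger stays under the threshold, while a 1,000 USDT shortfall on a 90M ledger (about 0.0011%) crosses it.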
Annual external audit of treasury operations. Smart contract code reviewed by independent firms before any on-chain component goes live.
Proof of reserves, with caveats.
On-chain reserves are linkable to the multi-sig treasury. Liability snapshots are published quarterly. Methodology, sampling intervals, and limitations are documented in full.
No insurance is sold here.
We do not market third-party insurance as a substitute for risk management. Smart contract risk, stablecoin issuer risk, and macro borrower stress are all real, and live on the risk page — not behind an "insured" badge.
We accept disclosures via security@northvault.example.com. Please don't include exploit instructions in the initial message — we'll exchange a secure channel before sharing technical details.