SignTrail

DPRK-focused Pre-Sign Security Layer

Stop Unsafe Signatures Before Assets Move

SignTrail verifies transaction intent, execution path, signer authority, and policy context before digital assets move.

Protect the path to signing — not just the key.

  • Transaction Intent
  • Execution Path
  • Signer Authority
  • Policy Context
SignTrail Gate
  • ALLOW
  • HOLD
  • REJECT

Why Now

Attackers No Longer Just Steal Keys

Even legitimate signers and trusted systems can approve dangerous transactions through manipulated paths.

Past Attacks

  • Private key theft
  • Phishing
  • Malware
  • Direct intrusion

New Attacks

  • Legitimate approver
  • Manipulated signing request
  • Fake UI
  • Compromised developer environment
  • Valid signature
  • Asset theft
  • Bybit $1.5B Incident

    A large asset movement that appeared to pass normal approval procedures still resulted in catastrophic loss.

  • Target Scope Is Expanding

    Exchanges, DeFi services, bridges, RPC node operators, analytics firms, VASPs.

  • The Weak Point Is the Path

    The key may be secure, but the request reaching the signer may not be.

Source: FBI / IC3 Public Service Announcement on the Bybit incident (TraderTraitor).

Product Identity

SignTrail Does Not Replace Wallets

We sit in front of HSM, MPC, Fireblocks, Safe, Squads, and internal signers to verify the path and intent of signing requests.

  1. Transaction Request
  2. SignTrail Gate
    ALLOWHOLDREJECT
  3. Existing signers
    • HSM
    • MPC
    • Fireblocks
    • Safe
    • Squads
    • Internal Signer
  4. Signature
Gate decisionALLOWHOLDREJECT
  • No Replacement
  • Pre-Sign Gate
  • Runtime Provenance
  • Transaction Intent
  • Signer-Side Enforcement
  • Fail-Closed

We are not a company that stores keys. We verify the path right before keys are used.

Customers

Who Needs SignTrail?

Any organization that moves digital assets or executes privileged onchain operations can be exposed to unsafe signing risk.

  • Custody & Financial Institutions

    Audit-ready signing control for institutional assets.

  • DeFi Protocols

    Protect admin, oracle, treasury, vault, governance execution.

  • Wallet & Infrastructure Providers

    Add a pre-sign gate to the signing workflow you already operate.

How It Works

Three Questions Before Every Signature

A transaction is signed only when the request, path, and signer are all verified.

  1. Is the request unchanged?

    • Canonical transaction payload
    • tx_payload_hash
    • Payload integrity
  2. Did it come through a trusted path?

    • Runtime event window
    • Process chain
    • File access
    • Network egress
    • runtime_provenance_digest
  3. Is the signer allowed to execute it?

    • signer_id
    • policy_hash
    • Decision artifact
    • Replay/TTL validation
Pre-sign decision
ALLOWHOLDREJECT
  • All verifiedALLOWthe request is signed
  • Needs reviewHOLDthe request waits for review
  • Unsafe/manipulatedREJECTthe request is stopped

No trusted path, no signature.

Stop Hacks Right Before Signing

SignTrail helps exchanges, custodians, DeFi protocols, and treasury teams stop unsafe signing requests before assets move.

  • Protect the path to signing
  • Verify transaction intent
  • Detect manipulated runtime paths
  • Hold risky requests
  • Reject unsafe signatures
  • Leave audit evidence

The safest signature is the one that never gets executed when the path is wrong.