Where are users' private keys held?

A major update to our security architecture is coming soon, so please stay tuned! The description below covers only our current security model.

We've adopted a cryptographic anchor security architecture. Users' encrypted private keys are managed and safeguarded by Hardware Security Modules (HSMs) in our system.

In a canonical data exfiltration attack against an organization without a cryptographic anchor architecture, hackers can enter a system, download users' encrypted private keys, and then crack them freely offline on their own infrastructure. The organization won't even know it has been exploited until it realizes the funds are stolen.

With Fortmatic's cryptographic anchor architecture, hackers have to attempt to crack the encrypted private keys inside Fortmatic's infrastructure, which means their progress can be detected, impeded and monitored. In this adversarial environment, the damage of a compromise can be significantly mitigated.
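
A generic sketch of the cryptographic anchor idea described above, added here as an illustration and not Fortmatic's code or design. AnchorHSM, wrap, unwrap, the per-record quota and the toy HMAC keystream are all assumptions, with a Python object standing in for the HSM.

```python
import hashlib, hmac, secrets

class AnchorHSM:
    """Constructed stand-in for an HSM: the anchor key never leaves this object."""
    def __init__(self, max_calls_per_record=5):
        self._anchor_key = secrets.token_bytes(32)  # non-exportable in a real HSM
        self.max_calls = max_calls_per_record       # simplified lifetime quota
        self.audit_log = []                         # every use is visible to defenders
        self._calls = {}

    def derive_wrapping_key(self, record_id, caller):
        n = self._calls[record_id] = self._calls.get(record_id, 0) + 1
        allowed = n <= self.max_calls
        self.audit_log.append((record_id, caller, "ok" if allowed else "throttled"))
        if not allowed:
            raise PermissionError(f"rate limit hit for {record_id}")
        return hmac.new(self._anchor_key, record_id.encode(), hashlib.sha256).digest()

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key, nonce, n):
    # Toy HMAC-counter keystream so the example needs only the standard library.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def wrap(hsm, record_id, private_key, caller="wallet-service"):
    key = hsm.derive_wrapping_key(record_id, caller)
    nonce = secrets.token_bytes(16)
    ct = _xor(private_key, _keystream(_subkey(key, b"enc"), nonce, len(private_key)))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag                     # this blob is what sits in the database

def unwrap(hsm, record_id, blob, caller="wallet-service"):
    key = hsm.derive_wrapping_key(record_id, caller)  # logged and throttled
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("authentication failed")
    return _xor(ct, _keystream(_subkey(key, b"enc"), nonce, len(ct)))
```

A blob copied out of the database cannot be unwrapped against any other AnchorHSM instance, and repeated unwrap calls against the real one appear in audit_log and are cut off once the quota is reached.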

Is the Fortmatic SDK open source?

We will be open sourcing our SDK code soon! We are polishing it up and getting the proper testing and contribution process in place before open sourcing it. Stay tuned in our Discord!