At Hex Trust, we don’t take client trust for granted. This is why we place security at the forefront of all our operations, with full commitment to meeting rigorous standards for security and privacy.
These pillars of our robust security infrastructure offer a holistic and tailored solution to protecting your digital assets and personal data at all times.
Hex Trust strives to meet the strictest regulatory and compliance standards in every jurisdiction in which we operate. Here are some of the licenses and registrations that attest to our commitment:
Custody Services
Broker-Dealer Services
Management and Investment Services
In March 2022, Hex Trust successfully completed the SOC 2 Type I assessment, conducted by Deloitte.
This evaluation validated that our information security policies, procedures, and operational practices met the stringent criteria for security, availability, processing integrity, confidentiality, and privacy.
In December 2023, Hex Trust completed the SOC 2 Type II assessment, conducted by AssuranceLab.
This evaluation confirmed the ongoing effectiveness of our internal controls and reinforced our commitment to security-first operational practices.
In February 2023, Hex Trust completed both the SOC 1 Type I and Type II assessments, independently conducted by Deloitte. The Type I assessment verified the design of our internal controls, while the Type II audit validated the effectiveness of those controls in practice.
These attestations demonstrate our adherence to high standards in customer financial reporting, asset segregation, and fiduciary responsibility.
In December 2023, Hex Trust achieved the CSA STAR Level 2 Certification, recognizing our commitment to advanced cloud security practices and officially designating us as a Trusted Cloud Provider.
This certification reflects our adherence to rigorous security and privacy standards for cloud services.
Hex Trust is also a corporate member of the Cloud Security Alliance, joining a global network of organizations dedicated to building and maintaining a trusted cloud ecosystem through shared knowledge, best practices, and collaboration.
The CSA STAR Registry is a publicly accessible database that documents the security and privacy controls implemented by cloud service providers.
Established in 2013 by the Cloud Security Alliance, the STAR Registry promotes transparency, continuous improvement, and accountability in cloud security. It is built on the principles outlined in the Cloud Controls Matrix (CCM), which maps leading industry standards and regulatory frameworks.
By publishing to the STAR Registry, Hex Trust demonstrates its security posture and compliance with global standards - providing current and prospective clients with clear, independently validated assurance of our cloud governance and risk management practices.
Security is embedded in every layer of our operations.
At Hex Trust, we adopt a security-first mindset across all processes to proactively mitigate risks and protect against a wide range of cyber threats.
Our infrastructure is hosted in data centers that meet the highest international standards, including:
To ensure the resilience of our security architecture, Hex Trust undergoes ongoing penetration testing conducted by Deloitte, a CREST-accredited cybersecurity firm.
These assessments validate our systems against current threat landscapes and help close any potential security gaps.
Security is integral to our product development process. Our DevSecOps approach ensures that security considerations are embedded throughout the software development lifecycle. We work with trusted partners to enforce a robust, holistic Secure SDLC, protecting the Hex Trust platform against vulnerabilities every step of the way.
Our proprietary bank-grade platform is built on a secure, enterprise-grade infrastructure that includes FIPS 140-3 Level 3 hardware security modules, isolated execution environments, and strict access controls. This architecture ensures data confidentiality, integrity, and compliance with regulatory standards.
Sensitive data - such as account profiles, transaction approval rules, AML ratings, KYC documentation, compliance records, and statement data - is protected through enforced controls on external and privileged user access.
Hex Trust's platform provides institutions with the highest levels of security and privacy, designed specifically to meet the rigorous demands of digital asset custody and compliance.
A Securosys hardware security module (HSM) is a physical hardware computing device that safeguards cryptographic keys and performs cryptographic operations within a secure, tamper-resistant environment. It offers exceptional encryption and authentication capabilities.
With Securosys Primus, Securosys delivers secure, reliable, and quality Hardware Security Modules (HSMs) that comply with the industry's most stringent certifications.
Securosys Primus holds a range of industry-recognized security certifications, such as FIPS 140-3, which validates the effectiveness of cryptographic hardware. Certification under the Cryptographic Algorithm Validation Program (CAVP) likewise aligns Securosys practice with the stringent standards set by the National Institute of Standards and Technology (NIST) and U.S. federal regulations. To further underscore its commitment to compliance, Securosys also maintains various other certifications, including ISO/IEC 27001 and Common Criteria EAL4+.
The Federal Information Processing Standard (FIPS) Publication 140-3 is a U.S. government standard that defines security requirements for cryptographic modules used in IT systems.
Hex Trust uses FIPS 140-3 Level 3 validated cryptographic modules, which meet stringent security standards suitable for highly regulated industries. Level 3 provides robust physical and logical protections, including:
While not as extreme as Level 4 - which is reserved for highly specialized environments - Level 3 offers strong assurance against both logical attacks and physical intrusion, making it the de facto standard for secure infrastructure in financial services, government, and enterprise-grade solutions.
Hex Trust’s applications are primarily hosted on Amazon Web Services (AWS) and Google Cloud Platform (GCP), both industry-leading cloud providers known for their advanced security, reliability, scalability, and operational resilience.
We leverage AWS and GCP infrastructure to ensure our products and services meet the highest standards of performance and protection. These platforms provide extensive physical, software, and operational safeguards, along with robust frameworks to support regulatory compliance.
AWS and GCP adhere to globally recognized standards, offering a comprehensive set of certifications, attestations, regulatory frameworks, and privacy controls that align with our own rigorous security and compliance requirements.
Hex Trust has integrated Chainalysis KYT (Know Your Transaction) and Chainalysis Reactor into its compliance framework through a strategic partnership with Chainalysis, a global leader in blockchain analytics.
These tools add an additional layer of compliance and transparency to Hex Safe, our institutional-grade custody platform - enhancing our ability to detect risk, meet regulatory requirements, and give clients greater confidence in the integrity of their digital asset transactions.
At Hex Trust, we implement robust security measures featuring multiple layers of defense and a stringent Zero Trust architecture, designed to protect digital assets at every level. Below are the key pillars of our security framework:
Encryption is the process of converting readable data into a secure, encoded format that can only be accessed through decryption by authorized parties.
It safeguards sensitive information, such as client data and cryptographic keys, from unauthorized access, ensuring confidentiality and integrity even in the event of a breach.
Protecting our clients' data is our highest priority at Hex Trust. We achieve this by following industry-leading encryption standards, ensuring that all sensitive information remains confidential and secure.
Cloud security encompasses the policies, technologies, and controls that protect cloud-based systems and data from internal and external threats.
While cloud-native environments offer improved scalability, resilience, and operational efficiency, they also introduce new risks such as misconfigurations and malicious activity. Hex Trust takes a proactive approach to cloud governance to maintain a secure posture across all deployments.
HSMs are physical devices that provide tamper-evident, intrusion-resistant protection and lifecycle management for cryptographic keys.
By using FIPS 140-3 Level 3 certified HSMs, Hex Trust ensures that sensitive data, including wallet private keys, is safeguarded to the highest industry standards, supporting both operational flexibility and regulatory compliance.
Security audit trails log and chronologically record all system activities, including user interactions, asset actions, and access events.
These records are vital for identifying anomalous behavior, supporting forensic investigations, ensuring regulatory compliance, and maintaining operational transparency.
DevSecOps integrates security practices into every phase of the software development lifecycle, from design and coding to testing, deployment, and operations.
This approach enhances application and cloud security, accelerates delivery cycles, and reduces long-term technical debt by embedding security as a core development principle.
Hex Trust follows an advanced cybersecurity strategy that operates on the principle of "never trust, always verify."
It is a proactive and continuous process of challenging every access request, verifying its legitimacy against strict policies and controls, and granting only the minimum necessary permissions. It ensures that all access requests are treated with suspicion until explicitly verified.
Security is foundational to Hex Trust’s mission. Our layered approach combines advanced technology, rigorous processes, and continuous monitoring to deliver best-in-class protection for digital asset organizations.
To request security reports or for any security-related questions, contact our Information Security team.
Hex Trust offers institutional-grade digital asset custody, underpinned by robust security, regulatory compliance, and operational excellence. Our in-house team of risk management and security experts continuously monitors and assesses both internal and external threats - ensuring client assets are protected with the highest levels of assurance.
With the growing complexity of digital asset security, our Chief Information Security Officer (CISO) provides insights into the critical tools and strategies that organizations should adopt to mitigate risks, including DeFi-related vulnerabilities and attack vectors.
Our Custody Framework is Built on 10 Foundational Principles:
Client assets are fully segregated from corporate funds, ensuring clarity and safety in ownership.
Customizable multi-approval workflows to meet institutional governance and compliance requirements.
Dedicated relationship managers and 24/7 operational support tailored to client needs.
Rigorous internal assessments and continuous external audits to maintain the highest standards.
Infrastructure and controls modeled on traditional financial institutions.
Ongoing evaluations by trusted external partners to validate our controls and processes.
Operations aligned with local and international regulatory frameworks in every jurisdiction we serve.
Proactive identification and mitigation of operational, technological, and market risks.
Support for hot, warm, and cold wallets to align with client-specific risk and liquidity needs.
Business continuity and incident response protocols ensure resilience under any scenario.
Hex Trust is purpose-built to meet the custody needs of the digital asset economy - combining security, compliance, and adaptability into a single, institutional-grade solution.