Security & Audits
Security is foundational to human.tech, not an afterthought. The core systems are independently audited and built so that sensitive data is never held in the clear by any single party.
Independent audits
Wallet-as-a-Protocol (WaaP) has completed multiple independent code audits, covering the Two-Party Computation signing, policy engine, SDK, and CLI:
- Cure53
- Hexens
- Least Authority
- Halborn
WaaP has also undergone additional security engagements with Anderson Software and Distrust.
Shield, the Ethereum-to-Aztec bridge, was audited by Nethermind Security, covering the L1 contracts, L2 contracts, and deployment scripts. Shield is currently a testnet deployment. See the Shield page for current network status.
Audit reports are available on request. Contact security@holonym.id.
Privacy by construction
- No PII on-chain. Personal data is never written to a blockchain in the clear. It is hashed or encrypted to a threshold network. See Zero-Knowledge Identity.
- No single point of compromise. Keys are split with Two-Party Computation, and identity data is encrypted to a threshold network where a quorum is required to act.
- Fail closed. Compliance checks fail closed. If sanctions screening cannot be completed, no attestation is issued and the action is blocked.
- Self-custody. Users hold their own keys, with no custodian able to move funds. See Self-Custody.
Report a vulnerability
To report a security issue, contact security@holonym.id.