Security & Privacy

To protect our users, their funds, and their privacy, and to ensure smooth operation of the service, Taurus’ security staff runs a number of security controls and procedures.

Wallet Security

  • We use HSMs certified FIPS 140-2 L3 to custody and protect master keys, perform key derivation, and run our policy engine.
  • We harden HSMs with our proprietary firmware extension, which enforces the HSMs’ secure configuration and reduces their attack surface.
  • Signatures by hardware tokens provide multi-party approval using a quorum logic not visible from blockchain data.
  • Our key generation and key back-up processes are certified ISAE 3402.

Infrastructure Security

  • Taurus’ infrastructure runs on data centers in Switzerland with banking-grade security controls and industry-standard certifications.
  • All our IT systems require multi-factor authentication and follow segregation of duty principles.
  • Our software delivery process is certified ISAE 3402, and includes automated security scans against supply-chain attacks.
  • We have 24/7 security monitoring and incident response capabilities.

Internal Controls

  • Taurus implements the three lines of defense model, composed of process owners, risk & compliance, and internal & external audit.
  • Our processes are audited to comply with the FINMA license obligation, including: access management, change management, vulnerability management, and BCP/DRP.
  • All our staff undergo background checks and attend training sessions on security awareness, regulatory compliance, and data protection.
  • Taurus is expecting ISO27001 certification validation in 2024.

Security Audits

  • We hire world-class teams to pentest our applications and review our source code.
  • Clients of our custody solution can organize their own pentests of our solution, and can receive a copy of our product’s source code.
  • We do daily network scans of our endpoints and API endpoints.
  • Our proprietary trusted build system certifies that a binary was built from a given source code version, via an external auditor certification.

Security Research

  • Our internal research unit Taurus Labs performs research projects and collaborates with world-class researchers.
  • We publish open-source software and research articles, and give talks at top-tier global events.
  • Taurus has helped leading blockchain organizations to strengthen their security protocols.

Compliance and certifications

  • FINMA Securities Firm license, which allows us to operate TDX
  • ISAE 3402 Type II, regarding risk assurance and internal controls
  • FIPS 140-2 Level 3, regarding HSM devices
  • CMTA DACS, regarding custody procedure and technology security