The legendary mantra of “not your keys, not your coins” has long been held as the gold standard of on-chain security. So long as you’re not in control of your digital asset’s private keys, you don’t really own them. Give up control of those keys to a third-party, like an exchange, and you may as well be handing over your funds on a silver platter.
But these days, crypto faces a bigger, more insidious and far less understood threat that’s lurking in the shadows of the platforms that facilitate high-speed trading: the vulnerability of off-chain credentials, which can provide back door access to those keys and enable the theft of billions of dollars.
Enter Ido Sofer, Chief Executive Officer of the crypto key management provider Sodot, who has taken it upon himself to slam that door shut. He’s laser-focused on the Goliaths of the crypto industry, namely the liquidity providers, market makers and other institutions that manage billions of dollars in tokenized funds and support the high-frequency trading operations that power the digital economy.
“I started my career in the Ministry of Finance in Israel, heading the trade and innovation team. Our mission there was to lift barriers, create incentives, and foster competition to lead to higher growth and well-being,” Sofer said. “From that point of view, moving to crypto seemed to me a very natural extension, and specifically building the infrastructure that enables others to build, trade, and grow securely.”
To do that, Sofer and Sodot are taking aim at the systemic “execution risk” that threatens crypto trading firms, looking to fortify the security of off-chain assets such as trading API keys and user credentials with on-chain-like guarantees.
Execution infrastructure in the crosshairs
For years, crypto security operations were almost exclusively focused on finding a way to protect the private keys to crypto wallets. It’s known as the “custody risk,” and it will always be a concern to anyone holding digital assets. However, Sofer believes that custody is no longer the weakest link. Cyberattackers have come to realize that secure wallets, often held in cold storage, are far too difficult to crack. But they’ve found a much softer target in the operational layer that supports how funds are actively moved.
Sofer explained that the concept of custody has evolved. Crypto firms are no longer just dealing with on-chain keys, but a vast and extremely complex infrastructure, made up of numerous key types, vendors, trading venues and on- and off-chain workflows. “The problem is that most security solutions still focus on on-chain security,” he said. “Attackers understood that and shifted to off-chain compromises to gain access to the workflows that can transfer funds, like trading API keys or developer credentials.”
Bybit is the perfect example of this. In February 2025, crypto assets valued at approximately $1.5 billion were stolen from the popular exchange platform. Investigators revealed that the attackers gained entry by compromising access on a vendor’s side. That enabled them to carry out malicious code changes and bypass the exchange’s security protocols. The staggering size of Bybit’s losses illustrates why Sofer believes that the “execution risk,” which he defines as the threat of compromise during high-speed, automated trading operations, is now much more significant than the custody risk. There are just too many vulnerabilities that stem from the vast number of connections to multiple exchange platforms and the number of employees and access credentials involved in trading operations.
“Most teams rely on secrets managers, which release the keys (in plaintext) to any machine, service or person that is successfully identified,” Sofer said, discussing why current security standards are woefully inadequate. “That means an external attacker, malicious code via a third-party dependency or an insider under duress can leak the key or use it to steal funds.”
A self-hosted solution: Zero exposure & maximum speed
Sofer’s company Sodot is attempting to combat what he describes as a “systemic failure” by pioneering an entirely new architectural approach to API key and credentials management. The concept is based on the same theories found in on-chain security. “Sodot provides the same security guarantees we have for on-chain keys,” he explained. “Zero key exposure, risk distribution with MPC and policy enforcement.”
Sodot has built a self-hosted infrastructure platform that leverages a pair of cutting-edge security techniques – namely, Multi-Party Computation or MPC and Trusted Execution Environments or TEEs. With Sodot’s platform, API keys are never reassembled in full plaintext, eliminating one of the main weaknesses of traditional secrets managers, which typically expose the entire key to any authenticated machine. Instead, Sodot uses MPC to split each key into multiple “shares” that are held by different partners on different technology stacks, Sofer explained.
Distributing risk in this way makes an attacker’s job exponentially more difficult, as it means they would have to compromise multiple isolated systems to gain access. “MPC, at the end of the day, is a method for risk distribution,” Sofer said. “It makes it much harder for an attacker to get access to the full key.”
Meanwhile, the TEEs enable what’s akin to a defense-in-depth, providing an additional hardware-based layer of protection for each key share. According to Sofer, it’s all about making life as difficult as possible for wannabe hackers. To that end, he believes that TEEs should never be used to protect a full key, but only ever part of one. This is in order to counter a risky trend that’s unfolding in cybersecurity. “I’m actually quite concerned about the trend to rely on TEEs to secure a full key,” Sofer insisted. “This method is not sufficiently secure for holding significant assets, due to vulnerabilities that occasionally appear in TEEs that could lead to a loss of funds.”
Sodot isn’t just focused on security, though. There are practical reasons why execution risk has become so significant. These days, the wallets of crypto trading firms are active, being used to enable high-frequency trading, far more often than they’re sitting in cold storage. Institutions can’t afford to keep substantial amounts of funds off-chain, because they’re needed for day-to-day operations.
Sofer said this is why Sodot opted to build a self-hosted solution that balances the need for security and performance. While self-hosting does take longer to implement, it provides superior performance, scalability and reliability compared to any SaaS-based product. “There is no concept of vendor downtime,” he pointed out. “The infrastructure is horizontally scalable and performance can be made to fit the customer’s HFT or low-latency settings.”
Making the jump from policy to protocol to build stronger security
Surprisingly, Sofer’s background doesn’t lie in cryptography or even traditional cybersecurity, but rather, in formulating the economic policies and shaping the fiscal strategies of the Israeli government. Nevertheless, he believes that his formative years at the Ministry of Finance provide Sodot with a strategic advantage in the crypto security space.
“Strong foundations lead to sustainable growth, and the other way around,” he reflected. “That’s true for public institutions as much as it is for financial institutions. My background shaped how I think about trust, controls, and systemic risk: you don’t prevent failures with one rule, you build resilient infrastructure and framework to handle real-world scenarios.”
Sodot’s focus on institutions is evident in its most recent, and landmark integration with the privacy-first Layer-1 blockchain Aleo, which uses zero-knowledge proofs to shield transaction details. Because of Aleo’s unique cryptography, Sodot had to go into uncharted territory to integrate it with MPC. It became the first company to do this, paving the way for institutions to utilize Aleo’s privacy guarantees with the protection afforded by MPC.
Sofer said it’s an achievement his team can be proud of. “To support Aleo with MPC, there are sensitive adjustments that need to be implemented in the signing flow and underlying primitives, and there are only a handful of people worldwide with the expertise to do that,” he revealed.
Trillions of dollars could be at stake
Looking ahead, Sofer said there are valid reasons to believe that self-hosted key management will soon become the gold standard for crypto security. With the introduction of AI agents likely to accelerate the automation of money movement, the trading infrastructure of the future will become exponentially more complex than it is already. Each new agent that’s deployed is going to need its own key for each interaction, creating an enormous attack surface. At the same time, the world’s biggest financial institutions are warming up ideas around on-chain finance, tokenized real-world assets and blockchain-based settlements. It’s not inconceivable that trillions of dollars in value could one day live on-chain. It needs better security.
“Keys are here to stay, and they will control more value and become more sensitive as technology progresses,” Sofer concluded. “As financial institutions get more involved in crypto, we believe demand for self-hosted solutions that secure them will only grow, driven by performance requirements, operational resilience, and control over security boundaries.”
Sodot, with its expertise in cryptographic techniques beyond the most common standards, including BIP-340, Sr25519 and RSA, could soon emerge as the foundation of crypto security. By enhancing key security while ensuring the lightning-fast performance needed for high-frequency trading, it’s creating the resilient infrastructure crypto needs to survive and thrive.

