Overview

  • Updated on May 27, 2025
  • Published on May 20, 2025
  • 1 minute(s) read
  • A
  • John Rising
 Prev Next

At Stackup, we understand that managing crypto assets requires the highest level of security without sacrificing usability. As businesses increasingly operate onchain, robust security becomes not just a feature, but a foundation for everything you do.

These docs outline the key components of Stackup's security model, including our implementation of phishing-resistant passkeys that replace traditional private keys, and our use of Trusted Execution Environments (TEEs) for advanced automation features. Each element is designed to provide maximum protection without adding operational complexity.

Our Approach to Security

Our security architecture is built on three core principles: self-custodial control, enterprise-grade protection, and simplified user experience. This approach ensures your assets remain under your complete control while providing the advanced security features businesses require. Stackup meets SOC 2 Type 2 requirements to ensure enterprise-grade protection.

If you have questions about Stackup's security architecture or need help configuring permissions for your team, our support team is here to help. Contact us at support@stackup.fi or visit our comprehensive Security Documentation for more details.

How We Protect Your Data

Stackup protects your data with industry-standard HTTPS encryption and phishing-resistant passkeys for authentication and transaction signing.

Session cookies expire after 24 hours.

Passkeys

Passkeys are used for both application access and on-chain transaction signing. Passkeys provide phishing-resistant authentication with biometric verification. Private keys never leave your device, eliminating the risk of credential theft. Your Passkey will generate a private/public key pair where only the public key is shared with us.

Learn more about Passkeys →

Trusted Execution Environments

For advanced features like Automations, Stackup uses Trusted Execution Environments via AWS Nitro Enclaves. Each Automation generates an encrypted and cryptographically verifiable signer by the TEE.

Learn more about TEEs →

How We Protect Your Funds

Onchain Permissions

Your wallet is a smart contract with multiple levels of access. This ensures that even if someone's credentials are compromised, their access is limited to their specific permissions.

Learn more about Smart Accounts →

Self-custody with ERC-4337

Your onchain accounts are never accessible by Stackup. Your wallet uses the ERC-4337 standard, providing best-in-class security across all EVM blockchains.

Learn more about ERC-4337 →

Related articles