At Cordial Systems, we design custody infrastructure for institutions that demand more than just feature sets—they require proof of security, transparency, and control. Our clients include leading crypto-native firms, traditional securities exchanges, and fintech platforms bringing capital markets on-chain. These are organizations with rigorous procurement standards and zero tolerance for security ambiguity.

That’s why we engaged Software Secured for an extensive penetration test of our flagship product, Cordial Treasury—our modular, self-hosted MPC wallet infrastructure.

Security Built for Zero Trust, and Scrutiny

Cordial Treasury is purpose-built for regulated institutions that must demonstrate full control of their digital assets. From the outset, we’ve architected our platform on zero trust principles, with MPC-based key management, granular policy enforcement, and flexible deployment models across on-premise, hybrid, and private cloud environments.

But building secure infrastructure isn’t enough. Institutions expect evidence: a mature audit program, transparent documentation, and third-party validation that our systems can withstand real-world threats. That’s where Software Secured came in.

Why We Chose Software Secured

We needed a partner with deep expertise in both fintech and traditional financial institutions, especially one that could tailor threat modeling to our unique architecture. Software Secured’s track record includes clients like Google, Meta, JP Morgan Chase, and Bank of America, as well as U.S. federal and state government entities. Their ability to go beyond surface-level testing made them a clear choice.

Rather than applying a generic checklist, Software Secured worked closely with our engineering team to conduct a targeted, in-depth assessment of our full deployment footprint.

A Penetration Test Designed for Real-World Risk

To simulate a real client environment, Software Secured mapped our hybrid deployment architecture, including on-prem nodes, private cloud infrastructure, and services hosted on Google Cloud Platform. They then applied custom threat models across each layer of our stack, focusing on the most critical concerns for our clients:

  • Admin API Testing: Targeted for potential leakage of organization names, emails, and internal user data.

  • Oracle API Testing: Focused on blockchain addresses and metadata exposure in Treasury instances.

  • MPC-Aware Threat Modeling: Integrated workshops with our engineers ensured their testing methods aligned with our proprietary multi-party computation and policy enforcement logic.

This wasn’t a one-way audit. It was an interactive process where both teams worked collaboratively to push the boundaries of what real-world attackers might attempt.

“A good self-custody technology should empower users to always understand what they’re signing and give them tools to build clear policies around wallet usage,” said Conor Patrick, CTO at Cordial Systems. “Software Secured’s testing validated those controls end-to-end.”

Results: Validation, Confidence, and Actionable Insights

The final report from Software Secured confirmed what our clients need to hear: Cordial Treasury is resilient, mature, and well-aligned with the security expectations of the financial industry. But more than that, their team gave us:

  • Clear, actionable recommendations mapped to production fixes

  • Support in bridging findings into product development cycles

  • Strategic security guidance to further evolve our roadmap

“As custodians of digital assets, you should actually custodize assets—not outsource that responsibility,” said Nicolas Stalder, CEO & Co-Founder of Cordial Systems. “Software Secured helped us prove that our custody technology truly delivers on that promise for clients in both the crypto and traditional finance world.”

Reinforcing Trust with Institutions That Expect More

By focusing on the risks that matter most—data leakage, hybrid-cloud resilience, and SOC 2 readiness—Software Secured helped us enhance our security posture and continue building the trust of the most security-conscious institutions in the space.

For institutions that can’t afford to compromise on control, Cordial Treasury provides a custody infrastructure they can operate on their own terms, with the audit trail to prove it.
