Secure enclaves
Fireblocks uses Intel SGX, a hardware-level enclave technology that isolates selected code and data within a system. It is designed to protect the cryptographic material, the cryptographic algorithms (MPC and ZKPs), and the execution of sensitive parts of the software from both insiders (such as rogue admins) and hackers.
Because the MPC key shares are stored in SGX, they cannot be extracted even if malware or a hacker has control over the server's OS: the memory space and the data in the SGX enclave are encrypted. Fireblocks also uses SGX to secure API keys. In the trusted execution environments (TEEs) where these exchange credentials are stored, the information cannot be retrieved by hackers, colluding insiders, or even Fireblocks employees.