We break hardware that protects cryptocurrency.

For the past few years, we’ve been glitching microcontrollers, extracting secrets from secure elements, and finding vulnerabilities in hardware that’s supposed to be tamper-proof. We’ve attacked STM32s, ESP32s, ARM TrustZone implementations, and hardware wallets used by millions of people.

Now we’re looking at exchanges.

What we do

Crypto exchanges rely on hardware security modules, cold storage systems, and microcontroller-based signing devices to protect billions in assets. Most of this infrastructure is black-box trusted. The threat model assumes the silicon works correctly. It usually does. But not always.

We apply fault injection attacks, side-channel analysis, and embedded security research to the hardware layer of exchange infrastructure. When Coinbase says their cold storage is “secure,” we want to know what chip is doing the signing and whether we can glitch it.

Why this matters

Every exchange hack you’ve heard about, Mt. Gox, Quadriga, Binance 2019, has a hardware component. Either the cold storage wasn’t actually cold, the HSM had a backdoor, or the signing ceremony had a vulnerability. Nobody talks about the silicon layer because it’s assumed to be unbreakable.

We’re testing that assumption.

What you’ll find here

• Technical teardowns of exchange custody systems
• Hardware security analysis of cold storage implementations
• Postmortems of exchange failures from an embedded security perspective
• Research on HSMs, secure enclaves, and signing infrastructure

This is security research applied to the exchange problem.