Staking Security

Written By Nansen Intern

Last updated 6 days ago

Staking Infrastructure Security & Compliance

At Nansen, safeguarding validator infrastructure and delegated assets is a core operational priority. Our staking platform is designed with security, resilience, and operational transparency in mind, aligned with SOC 2 Trust Services Criteria and industry best practices for institutional-grade infrastructure.

All services provided by Nansen are non-custodial in nature. Clients have complete control of their private keys, which means that all funds are never at risk of being stolen while staking.

The Nansen staking team has been operating validation nodes since February 2019 with a perfect track record of zero slashes.

Security Architecture

Our validator infrastructure is deployed across a hybrid environment of cloud providers and dedicated bare-metal servers. Systems are segmented to minimise attack surface and isolate critical components.

Key safeguards include:

  • Bastion-host controlled administrative access with strict authentication controls

  • Network segmentation and firewall enforcement on all nodes

  • Private inter-node communication via encrypted tunnels

  • Least-privilege access controls across infrastructure and services

Key Management & Validator Protection

Validator signing keys are safeguarded through layered operational and cryptographic controls to prevent unauthorised access and misuse.

  • Validator signing keys stored on nodes are encrypted and protected with strict system-level access controls

  • Operator and administrative keys are held offline using hardware security wallets to minimise exposure risk

  • Private keys are never transmitted over networks or stored in centralised key repositories

  • Role-based operational procedures govern validator maintenance and access

  • Multi-party approval workflows are required for sensitive operations and key-related actions

Access Control & Identity Security

We enforce strict identity and access management policies to ensure only authorised personnel can access systems.

  • Multi-factor authentication (MFA) required for privileged access

  • Hardware security keys required for critical administrative access

  • Quarterly access reviews and immediate revocation upon role changes

  • Centralised logging of administrative actions

Infrastructure Hardening & Monitoring

All systems are hardened according to security baselines and continuously monitored.

  • OS hardening, intrusion prevention, and automated patch management

  • Continuous security monitoring and log aggregation via SIEM tooling

  • Real-time alerting and incident response procedures

  • Configuration change monitoring and audit logging

Network Security & Availability

We design our network to ensure both protection and resilience.

  • Distributed infrastructure across multiple regions and providers

  • DDoS protection and upstream network filtering

  • Continuous uptime monitoring and automated failover procedures

Incident Response & Operational Resilience

We maintain documented incident response procedures and disaster recovery plans.

  • 24/7 monitoring and on-call incident response

  • Runbooks and post-incident reviews for continuous improvement

  • Regular backup and recovery testing

  • Business continuity procedures for critical infrastructure

Compliance & Continuous Improvement

Security practices are reviewed regularly to maintain compliance and adapt to emerging threats.

  • SOC 2 aligned controls and periodic internal reviews

  • Vendor and infrastructure risk assessments

  • Ongoing security training and operational readiness exercises

  • Continuous improvement through audits and security assessments