Built for Trust: How Bastion Embeds Security Into Every Transaction
Engineers at Bastion design with zero blind trust: Nitro enclaves, cloud HSMs, and quorum approvals power an architecture that eliminates single points of failure and raises the bar for enterprise security.

In 2025, enterprises are entering a new phase of business. The existing rails across their ecosystems were built to optimize for value, growth, customer satisfaction (and customer stickiness). But in continuously optimizing, they’re running into new challenges:

  • Optimization can lead to massive systems that become a tangled web of third-party players, all of whom want their cut.
  • Solutions from 10 years ago have become outdated. Technology moves fast, and companies keep running into versions of the same problem even after implementing solutions.

When companies are optimizing in search of growth, they don’t want to keep facing new versions of the same problem. Take, for example, the goal of global expansion. Cross-border payments become a massive question, requiring companies to bring on banking partners or introduce systems to support banking networks. Money is transferred from one partner to the next, and, as mentioned, everybody wants their cut. You’ve solved your global expansion problem, but it has created new problems in its wake.

Now, some teams are turning to blockchain, believing it to be a more permanent solution that covers more bases. Regulatory clarity and ecosystem maturation help make it possible, but any new technology can still feel risky. That’s why enterprises want to take every precaution possible—they have a lot more to lose if things aren’t as they seem.

Enterprises therefore approach blockchain with caution: they want to protect their assets, verify ownership, conduct secure transactions, and keep data confidential. Bastion’s security posture is shaped by its co-founder and CEO Nassim Eddequiouaq, who previously served as Chief Information Security Officer at a16z crypto. His experience securing institutional digital asset infrastructure informs Bastion’s approach: eliminate blind trust, build verifiable systems, and meet the expectations of modern enterprise risk frameworks.

Security isn’t an add-on with Bastion. It’s embedded in our DNA.

How Enterprises Secure Private Keys and Custody Systems

Traditionally, companies work with a bank or authorized institution to hold (or custody) their assets. With crypto assets, the owner can either custody themselves (referred to as self-custody), enter into a custody agreement with a trusted partner, or conduct transactions without the security of custody.

To access those custodied funds, users need a private key—“...an alphanumeric code generated by a cryptocurrency wallet. It is used to authorize transactions and prove ownership of a blockchain asset.” Private keys should be heavily protected and appropriately managed. Many crypto exploits come down to poorly protected private keys, which is why robust levels of security are essential.

The details of how Bastion Custody provides best-in-class security can get complicated, but the forward-facing goal for enterprise clients is simple: avoid single points of failure in our system to safeguard your assets. This includes protecting against technology outages and preventing any one person from having the power to undermine Bastion’s security. Beyond protecting assets against hackers and other bad actors, we’re transitioning to a model in which multiple people must sign off on a new build before we upgrade our stack, so that no one person can control the hardware security module (HSM) through their permissions.

We sat down with Robert Coleman, Bastion Security Lead, for additional insights into how our company embraces security, embedding it into the heart of our philosophy, technology, and operations.

Bastion’s Approach to End-to-End Key Protection

“For key safeguarding,” Coleman explains, “we balance usability and security as we protect keys against ourselves and attackers and make sure that information stays confidential—meaning that even we never have access to the underlying material.”

Keeping the underlying material invisible even to Bastion is a revolutionary approach because, traditionally, any agent running on the host operating system (OS) has access to the information held in the CPU or memory, which becomes a vulnerability as soon as someone with ill intent gets involved. To remove this crucial single point of failure, Bastion chose the AWS Nitro System, which provides the level of security enterprise data needs by creating an isolated sandbox that reduces the potential attack surface to nearly nil.

Part of the solution involves EC2 instances, virtual servers in the cloud, and an EC2 capability called an enclave. The enclave carves out an isolated environment that protects sensitive information within the virtual cloud and provides attestations—cryptographic proofs—that confirm the veracity of the system’s software. Verification and other processes also accelerate in this isolated environment, creating significant efficiencies.

“When you simply have a standard EC2 instance,” Coleman says, “there’s no guarantee of what programs could have access to the key material. That’s why we use Nitro enclaves in our system so that we know that the code we upload is exactly what’s running.”

In non-technical language, this means that enterprises can demonstrate to internal stakeholders, partners, and regulators that their companies are running critical applications in a secure, trusted, unaltered environment.
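To make the attestation idea concrete, here is an added example in Go (not Bastion’s code and not the AWS Nitro API) that models a key-release policy gated on an enclave measurement: key material is released only to an enclave whose measured image is on an allowlist, whose attestation document is signed by a trusted root, and whose document is bound to the verifier’s fresh nonce. It assumes a simplified attestation document with a single PCR0 computed as SHA-384 over the enclave image and an ed25519 signature from a hypothetical attestation root; real Nitro attestation documents are CBOR/COSE structures signed under an AWS certificate chain and carry several PCRs. The names AttestationDoc, KeyReleasePolicy and MeasureImage are this example’s own, and the image bytes are constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha512"
	"encoding/hex"
	"errors"
	"fmt"
)

// AttestationDoc is a simplified stand-in for a Nitro attestation document.
// Real documents are COSE-signed under an AWS certificate chain and carry several
// PCRs; here one PCR0 plus an ed25519 signature from a hypothetical root stands in.
type AttestationDoc struct {
	PCR0      []byte // measurement of the enclave image
	Nonce     []byte // verifier-supplied challenge; binds the document to this request
	Signature []byte // signature over PCR0 || Nonce by the attestation root
}

// MeasureImage computes the PCR0-style measurement of an enclave image.
// Nitro PCRs are SHA-384 values; the real PCR0 covers the enclave image file.
func MeasureImage(image []byte) []byte {
	sum := sha512.Sum384(image)
	return sum[:]
}

func docPayload(pcr0, nonce []byte) []byte {
	return append(append([]byte{}, pcr0...), nonce...)
}

// IssueAttestation simulates the hypervisor producing a signed document for the
// image it actually loaded, bound to the verifier's nonce.
func IssueAttestation(root ed25519.PrivateKey, image, nonce []byte) AttestationDoc {
	pcr0 := MeasureImage(image)
	return AttestationDoc{PCR0: pcr0, Nonce: nonce, Signature: ed25519.Sign(root, docPayload(pcr0, nonce))}
}

// KeyReleasePolicy is what the key-management side enforces before handing
// key material to an enclave.
type KeyReleasePolicy struct {
	RootPub     ed25519.PublicKey
	AllowedPCR0 map[string]bool // hex(PCR0) of reviewed builds
}

var (
	ErrBadSignature = errors.New("attestation signature invalid")
	ErrStaleNonce   = errors.New("attestation nonce does not match this request")
	ErrUnknownImage = errors.New("enclave image measurement not on allowlist")
)

// Authorize returns nil only if the document satisfies every part of the policy.
func (p KeyReleasePolicy) Authorize(doc AttestationDoc, expectedNonce []byte) error {
	if !ed25519.Verify(p.RootPub, docPayload(doc.PCR0, doc.Nonce), doc.Signature) {
		return ErrBadSignature
	}
	if !bytes.Equal(doc.Nonce, expectedNonce) {
		return ErrStaleNonce
	}
	if !p.AllowedPCR0[hex.EncodeToString(doc.PCR0)] {
		return ErrUnknownImage
	}
	return nil
}

// Demo returns the policy decision for the reviewed build, a modified build,
// a document issued for an old nonce, and a document tampered with after signing.
func Demo() (approved, modified, stale, tampered error) {
	rootPub, rootPriv, _ := ed25519.GenerateKey(rand.Reader)
	goodImage := []byte("signer-enclave-v1.2.0")         // constructed; stands for the reviewed image
	badImage := []byte("signer-enclave-v1.2.0-modified") // constructed; an unreviewed build
	policy := KeyReleasePolicy{
		RootPub:     rootPub,
		AllowedPCR0: map[string]bool{hex.EncodeToString(MeasureImage(goodImage)): true},
	}
	nonce := make([]byte, 32)
	rand.Read(nonce)
	approved = policy.Authorize(IssueAttestation(rootPriv, goodImage, nonce), nonce)
	modified = policy.Authorize(IssueAttestation(rootPriv, badImage, nonce), nonce)
	stale = policy.Authorize(IssueAttestation(rootPriv, goodImage, []byte("old-nonce")), nonce)
	doc := IssueAttestation(rootPriv, goodImage, nonce)
	doc.PCR0[0] ^= 0x01 // flip one bit of the measurement after it was signed
	tampered = policy.Authorize(doc, nonce)
	return
}

func main() {
	a, m, s, t := Demo()
	fmt.Println("approved:", a, "| modified:", m, "| stale:", s, "| tampered:", t)
}
```

The order of checks matters: the signature is verified before anything in the document is trusted, the nonce check stops a captured document from being replayed for a later request, and only then is the measurement compared against the allowlist, which is the list a change-control process would update when a new build is approved.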

Retrieving Keys Without Exposing Sensitive Data

Secure key retrieval was a top consideration in Bastion’s key management security model. We leverage the protection of the Nitro enclave, Coleman says, “to ensure safe integration between key management and the code running on the system that was accessing the keys. We need to prevent someone from going in to spin up a new system with their new code. We wouldn’t want that code to get access to our key system, so we need controls over systems getting spun up and what has access to those keys.”

Coleman also discussed the custodial need to retrieve private keys without leaking any information: “We have a root/base key material, and we attach that using a shard identifier. Each signer has a different shard so that we can segment and use that as the master key for our private keys derivation function. We can then recreate end user private keys by deriving a key using that root key material and identifying information about the end user account.”

This approach creates a flexible, scalable system. It also maximizes efficiency because, rather than needing to store kilobytes of discrete data, only the base security information requires storage. As an additional layer of security, the base key and key management system can’t be exported; the AWS Nitro System includes both hardware and software, generating key material that can’t be transferred from the hardware itself.
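The derivation Coleman describes, written out as an added example in Go (not Bastion’s code; the HMAC-SHA256 construction, the labels "shard-key/v1" and "account-seed/v1", and the function names are this example’s own). It binds the root material first to a shard identifier and then to the account’s identifying information, and rebuilds an ed25519 signing key from the result on demand, so that only the root material ever needs storing. The root key and request bytes are constructed for the demonstration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// RootKey stands for the non-exportable base key material held inside the
// enclave/HSM. It is constructed here; in the described system it never leaves the hardware.
type RootKey []byte

// shardKey binds the root material to one signer's shard identifier, so that
// each signer derives from its own intermediate key.
func shardKey(root RootKey, shardID uint32) []byte {
	mac := hmac.New(sha256.New, root)
	mac.Write([]byte("shard-key/v1")) // domain-separation label (this example's own)
	binary.Write(mac, binary.BigEndian, shardID)
	return mac.Sum(nil)
}

// DeriveAccountSeed derives a 32-byte seed for an end-user account from the
// shard key and the account's identifying information. Equal inputs always give
// the same seed, so no per-account secret has to be stored.
func DeriveAccountSeed(root RootKey, shardID uint32, accountID string) []byte {
	mac := hmac.New(sha256.New, shardKey(root, shardID))
	mac.Write([]byte("account-seed/v1"))
	mac.Write([]byte{0}) // separator before the variable-length account identifier
	mac.Write([]byte(accountID))
	return mac.Sum(nil) // 32 bytes, which is exactly ed25519.SeedSize
}

// AccountSigner rebuilds the end user's ed25519 signing key from the derived seed.
func AccountSigner(root RootKey, shardID uint32, accountID string) ed25519.PrivateKey {
	return ed25519.NewKeyFromSeed(DeriveAccountSeed(root, shardID, accountID))
}

// SignForAccount derives the key, signs, and lets the private key go out of scope;
// only the root material persists between calls.
func SignForAccount(root RootKey, shardID uint32, accountID string, msg []byte) (ed25519.PublicKey, []byte) {
	priv := AccountSigner(root, shardID, accountID)
	return priv.Public().(ed25519.PublicKey), ed25519.Sign(priv, msg)
}

// Demo checks the two properties that matter: derivation is deterministic
// (a recreated key verifies an earlier signature) and shards are isolated
// (the same account under a different shard yields a different key).
func Demo() (deterministic, shardIsolated bool) {
	root := RootKey(bytes.Repeat([]byte{0x42}, 32)) // constructed; a real root is generated inside the hardware
	msg := []byte("transfer 10 USDC to acct-2002")  // constructed request
	pubA, sig := SignForAccount(root, 1, "acct-1001", msg)
	pubAgain, _ := SignForAccount(root, 1, "acct-1001", nil)
	deterministic = pubA.Equal(pubAgain) && ed25519.Verify(pubAgain, msg, sig)
	pubOtherShard, _ := SignForAccount(root, 2, "acct-1001", nil)
	shardIsolated = !pubA.Equal(pubOtherShard)
	return
}

func main() {
	d, s := Demo()
	fmt.Printf("deterministic=%v shardIsolated=%v\n", d, s)
}
```

The labels and the zero separator are domain separation: they guarantee that a shard key can never be mistaken for an account seed and that two different account identifiers cannot collide by sharing a prefix. A production design would add a version field so the derivation can be rotated without touching stored data.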

Enhancing Security with a Cloud-Based HSM

Recognizing that enterprises need to meet SOC 2 and NYDFS Part 500, Bastion is transitioning to cloud-based HSMs, which require strong logical and physical access controls, continual monitoring, time-bound access logging, rapid incident response, and more. Coleman explains, “We need to make sure all activities are auditable, cryptographic operations are attestable, and keys can’t be exported or managed manually.”

HSM models use tamper-proof physical chips located inside computers. If someone attempts to remove or modify the chips, they’re designed to wipe themselves clean; as Coleman puts it, “the chip would rather self-destruct than allow that key data to be viewed.” This method, he explains, provides a protected system that only Bastion can access.

There are other added benefits: within the cloud-based HSM, we set up accounts, passwords, users, and so forth on a chip. We’re then issued certificates from the manufacturer that attest to the underlying hardware, containing serial numbers, AWS records, and other relevant information, which provides an extra layer of security for the key material. This creates a cutting-edge level of security that dovetails with how traditional banks use HSMs. So although HSMs work well for digital asset protection, they are not solely a crypto tool. They may even feel familiar, as enterprises considering blockchain solutions may already be relying on this technology through traditional banking transactions.

Going Further: How Bastion Raises the Bar

Bastion continues to differentiate its permissions model by ensuring that even the employee with the most elevated permissions cannot have full control over any process. Traditionally, a model leverages a root account system in which users are assigned user names and passwords with multi-factor authentication (MFA). That essentially creates a system where two people are needed to control keys.

Added protections can include splitting passwords, splitting MFA tokens, and more. Root account actions can be limited with restrictive policies to ensure no single account has the highest permission levels. To obtain those permissions, one employee would need to request them and another employee would need to approve.

However, Bastion is going beyond these models by transitioning to quorum approvals, adding extra security to its employee processes. In this approach, each HSM user at Bastion will create an asymmetric signing key outside of the HSM and protect it appropriately. Each user will then log into the HSM to register the public portion of their key.

When a quorum-controlled operation is needed, the HSM user requesting it will log into the system to obtain a quorum token and give that token to one or more other HSM users to obtain approvals. These approvals are managed outside of the HSM: the approving users cryptographically sign the quorum token.

Once enough approvals are obtained for an action, the user who originated the request signs back in and submits the quorum token together with the signed approvals. The HSM verifies the signatures, and if they are all authentic, it approves the quorum token and the requested operation can take place. This segregation of duties prevents unauthorized changes and removes single points of failure.
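The quorum flow above, modelled as an added example in Go (not Bastion’s HSM and not its real token or approval format). It assumes an ed25519 public key registered per user, random quorum tokens issued by the HSM for a named operation, approvals signed outside the HSM, and a threshold of distinct approvers other than the requester; the type and function names and the user names are this example’s own. It shows the checks the verifying side needs: unregistered or forged approvals are rejected, duplicate approvals count once, the requester’s own signature does not count, and a redeemed token cannot be replayed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// QuorumHSM stands in for the HSM-side state: registered user public keys,
// outstanding quorum tokens, and the number of approvals required.
type QuorumHSM struct {
	users     map[string]ed25519.PublicKey // public key registered by each user
	tokens    map[string]string            // outstanding token -> requesting user
	threshold int                          // distinct approvers required
}

// Approval is produced outside the HSM: one user signs the quorum token.
type Approval struct {
	User      string
	Signature []byte
}

var (
	ErrUnknownToken = errors.New("token was not issued by this HSM or was already redeemed")
	ErrBadSignature = errors.New("approval is not from a registered user or does not verify")
	ErrNotEnough    = errors.New("not enough distinct approvals from other users")
)

func NewQuorumHSM(threshold int) *QuorumHSM {
	return &QuorumHSM{users: map[string]ed25519.PublicKey{}, tokens: map[string]string{}, threshold: threshold}
}

// RegisterUser stores the public half of a key the user generated outside the HSM.
func (h *QuorumHSM) RegisterUser(name string, pub ed25519.PublicKey) { h.users[name] = pub }

// IssueToken hands the requesting user a fresh random token bound to the operation name.
func (h *QuorumHSM) IssueToken(requester, operation string) string {
	nonce := make([]byte, 16)
	rand.Read(nonce)
	token := operation + ":" + hex.EncodeToString(nonce)
	h.tokens[token] = requester
	return token
}

// SignApproval is the approver's side: sign the token with a key held outside the HSM.
func SignApproval(user string, priv ed25519.PrivateKey, token string) Approval {
	return Approval{User: user, Signature: ed25519.Sign(priv, []byte(token))}
}

// Redeem is the HSM's verification step. Every approval must verify under a
// registered key, each user counts once, the requester's own signature does not
// count, and the token is consumed on success so it cannot be replayed.
func (h *QuorumHSM) Redeem(token string, approvals []Approval) error {
	requester, ok := h.tokens[token]
	if !ok {
		return ErrUnknownToken
	}
	seen := map[string]bool{}
	for _, a := range approvals {
		pub, registered := h.users[a.User]
		if !registered || !ed25519.Verify(pub, []byte(token), a.Signature) {
			return ErrBadSignature
		}
		if a.User == requester {
			continue // approvals must come from other users
		}
		seen[a.User] = true
	}
	if len(seen) < h.threshold {
		return ErrNotEnough
	}
	delete(h.tokens, token) // single use
	return nil
}

// Demo runs a 2-of-3 quorum with constructed users and returns the outcome of a
// valid quorum, a replay of the redeemed token, too few distinct approvers, and a forged approval.
func Demo() (quorum, replay, short, forged error) {
	hsm := NewQuorumHSM(2)
	keys := map[string]ed25519.PrivateKey{}
	for _, name := range []string{"alice", "bob", "carol"} { // constructed users
		pub, priv, _ := ed25519.GenerateKey(rand.Reader)
		keys[name] = priv
		hsm.RegisterUser(name, pub)
	}
	_, unregistered, _ := ed25519.GenerateKey(rand.Reader) // never registered with the HSM

	t1 := hsm.IssueToken("alice", "rotate-signing-key")
	good := []Approval{SignApproval("bob", keys["bob"], t1), SignApproval("carol", keys["carol"], t1)}
	quorum = hsm.Redeem(t1, good)
	replay = hsm.Redeem(t1, good) // token already consumed

	t2 := hsm.IssueToken("alice", "rotate-signing-key")
	short = hsm.Redeem(t2, []Approval{
		SignApproval("bob", keys["bob"], t2),
		SignApproval("bob", keys["bob"], t2),     // duplicate, counts once
		SignApproval("alice", keys["alice"], t2), // requester, does not count
	})
	forged = hsm.Redeem(t2, []Approval{
		SignApproval("bob", keys["bob"], t2),
		SignApproval("carol", unregistered, t2), // claims to be carol, signed with another key
	})
	return
}

func main() {
	q, r, s, f := Demo()
	fmt.Println("quorum:", q, "| replay:", r, "| short:", s, "| forged:", f)
}
```

Because the token is random and tied to one operation, an approval signature is useless for any other request, and because the HSM deletes the token on success, the same set of signatures cannot authorize the operation twice. Those two properties are what turn a list of signatures into a segregation-of-duties control.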

In sum, Bastion instills security into its core infrastructure, leveraging AWS Nitro enclaves and cloud-based HSMs to protect key material, balance usability with protection, and eliminate single points of failure—all while ensuring confidential, scalable digital operations. This gives your enterprise peace of mind with your digital assets safeguarded in a robustly secure, trustworthy, and tamper-free environment.
