Security

Every signature is verified before it leaves the device.

We're a bootstrapped team, not a security theatre company. No fake audit claims. No compliance badges for their own sake. What we have: verifiable technical controls built into the signing path that prevent the three most common ways multi-chain traders lose funds.

Threat Model

Three attack vectors. Three countermeasures.

These are the vectors that drain active multi-chain traders. Not theoretical — each one has documented incidents. Each one is stopped at the signing relay before your hardware device is involved.

Chain-ID spoofing

A stale or malicious RPC returns a wrong chain ID. Your approval is valid on that network, not the one you intended. The funds move before the next block.

Defimec calls eth_chainId on every session and compares to your locked assertion. Wrong ID = hard stop before Ledger is prompted.

RPC endpoint poisoning

A malicious or misconfigured RPC intercepts your transaction and redirects it to a different contract or program. Particularly prevalent on Solana public endpoints.

Defimec validates RPC response authenticity and checks that transaction routing targets match expected contract addresses before signing.

Blind signing exploitation

Hardware wallets display raw calldata hex. Users approve without knowing what function they're calling, which spender they're authorising, or what amount they're committing.

Defimec decodes calldata to function name and parameters before forwarding to Ledger. You see what you're signing — not what an attacker wants you to miss.

Security Architecture

Verification layers between you and the endpoint

Security architecture diagram showing verification layers between Ledger hardware and blockchain endpoints: chain-ID lock, RPC integrity check, calldata decode layer

Transparency

Responsible disclosure

Report a security issue

We're a small bootstrapped team. If you find a security issue with Defimec — in the signing relay, the RPC probe logic, or the calldata decoder — please contact us directly. We take all reports seriously and will acknowledge within 48 hours.

We do not claim SOC 2 certification, formal smart contract audits by named firms, or other institutional security badges. What we claim: security-first controls built into the signing path, designed with the intent to prevent the most common ways active DeFi traders lose funds.

Questions

Questions about how the signing relay works?

We'll walk through the chain-ID verification logic, the RPC probe implementation, and the calldata decoder with any trader who wants to understand the controls before trusting them with real signing sessions.

Get in touch