Security & Privacy for institutional investors

This article was co-authored with Bentzi Rabi, co-founder and CEO of Utila, a leader in enterprise-grade MPC wallets.


With the emergence of new investment vehicles and yield opportunities in DeFi, the latest being LSTs and LRTs, institutional investors are ramping up their positions and exposure to Ethereum. However, for any real adoption of DeFi as a means of capital gain equal to that provided by TradFi, protecting invested assets and profits is necessary. To achieve this, two requirements need to be met without compromising usability:

1) Robust security of assets and 

2) Compliant on-chain confidentiality

When navigating financial operations, compliance with AML regulations is important to mitigate the risk of enabling or being associated with illicit activities. Transaction policies within institutional crypto wallets let organizations control transactions by setting spending limits and pre-approving recipients. Seamless connectivity between traditional financial systems and the crypto economy via on- and off-ramps to fiat accounts is essential, alongside multi-chain support. Lastly, pricing transparency and onboarding speed are crucial considerations, impacting efficiency and cost-effectiveness.

In traditional finance, transactions and held assets are not public to everyone. Information on your intended transactions is not discoverable and cannot be used to cut profits. The same should apply to DeFi operations. On-chain confidentiality is required for protecting yield farming and trading strategies. 

Managing on-chain assets

After the FTX collapse and the consideration of insolvency risks of CEXs, token holders are turning to non-custodial solutions for holding their assets. In custodial solutions, like CEXs, assets are held for the user. On the contrary, in non-custodial wallets, tokens are held by the user, providing complete control over their assets.

However, enterprises and institutions require solutions with versatile functionality: management of multiple wallets and more complex signing policies, while maintaining the transparency of transactions internally. A simple wallet that accommodates the needs of the average user is not enough.

Instead, the optimal solution is an MPC wallet, capable of satisfying the above needs. Utila, a pioneer in this category, is that solution. Utila leads the field in enterprise-grade MPC wallets, boasting top-tier security and user-friendly features tailored for institutional investors and enterprises. With Utila, users can create and manage wallets, establish user roles, and set transaction policies and limits. It supports numerous networks, while users can facilitate bank account transfers for on/off-ramping - all through a single, robust platform supported by state-of-the-art cryptographic protocols. Utila's platform has secured over $4 Billion in transactions in the last two quarters.

With Utila, all security concerns are addressed and users are ready for their DeFi operations. And this is where on-chain confidentiality comes into play.


The emergence of on-chain data analytics tools like Arkham, Nansen, and DeBank has transformed the DeFi landscape. The pseudonymity, and hence privacy, enjoyed while transacting on-chain is now gone. The assets and transaction history of entities and individuals are not only tracked but also connected with off-chain information. Tools aiming to provide transparency have made doxxing, the act of revealing someone's personal information online, easier than ever before. This provides easy targets for malicious actors to benefit from.

Since on-chain activity can now be easily tracked, significant token holders can be copy-traded, front-run, or become targets of hackers. Yield strategies can be followed en masse, reducing their effectiveness and cutting into investors' profits. Furthermore, liquidation of vested tokens creates bad market signals and judgment.

Investors, VCs, and liquid funds require a private environment to conduct their DeFi operations, without being constantly monitored. Hinkal covers these needs, re-anonymizing the blockchain. Hinkal is a zk-protocol enabling secure, end-to-end confidentiality for transactions. By connecting their public wallet, users generate a shielded address. They can deposit any token to their own or any other shielded address. Once assets are shielded inside Hinkal, users can execute any transaction in complete confidentiality. Only the Hinkal smart contract and relayers are visible on-chain. All transactions are executed from Hinkal on the user's behalf.

This enables confidential:

  1. Allocation of vested tokens
  2. Liquidations and trading strategies
  3. Payments and transfers
  4. Yield strategies

At Hinkal, security is paramount. Smart contracts have been audited by Quantstamp, Secure3, and Zokyo, combined with white hat hacker inspections. Immunefi's bug bounty ensures no vulnerabilities are missed. Real-time threat detection by Hexagate and an AML/KYC layer bolster security, while a password-protected mode offers an extra layer of account security.


In conclusion, as the DeFi landscape evolves, the demand for enhanced security and confidentiality intensifies. Utila's enterprise-grade MPC wallets cater to institutional needs, ensuring both versatility and top-tier security. Meanwhile, Hinkal's zk-protocol offers comprehensive on-chain confidentiality, safeguarding users' privacy in an increasingly transparent environment. By integrating robust security measures such as rigorous audits, bug bounties, and real-time threat detection, these platforms fortify the DeFi ecosystem, empowering investors with the confidence to explore new opportunities securely and privately.
