Today, many crypto organizations rely on established multi-signature workflows for transaction approval that, while functional, present opportunities for significant security improvements. A typical transaction approval process involves initiating a transaction followed by approval requests via communication channels like Slack or Telegram: “Please review and sign TX 0xabc… This is for our scheduled transfer to the trading wallet.”
Some teams enhance this process by maintaining detailed spreadsheets or structured email threads that document addresses, amounts, and transaction purposes for verification. However, these workflows often place considerable responsibility on individual signers to verify transaction details and context independently.
The challenge many organizations face is that signers may have limited visibility into transaction details at the point of approval. Standard wallet interfaces or hardware devices typically display technical information, such as addresses and encoded data, which may not provide the full business context needed for informed decision-making. When systems don’t support structured data formats like EIP-712, approvers may encounter primarily technical representations that require additional interpretation.
This vulnerability, also known as blind signing, has resulted in billions of losses. Keep reading to learn more about areas for security enhancements and strategic implementation.
Identifying areas for security enhancement
As crypto operations scale and mature, organizations are recognizing several areas where current multisig and multi-party computation (MPC) frameworks can be strengthened:
- Enhanced contextual information: Current workflows often provide limited business context at the point of approval. Signers may benefit from clearer visibility into transaction recipients, the specific actions being executed (particularly for smart contract interactions), and the business rationale behind each transaction.
- Automated risk assessment: Most existing workflows rely primarily on manual review processes. Organizations have the opportunity to implement automated systems that can flag potentially risky transactions, such as transfers to addresses associated with known security incidents or interactions with recently deployed contracts.
- Policy framework implementation: Traditional multisig setups often operate with minimal policy constraints beyond signature thresholds. Organizations can benefit from implementing more granular controls, such as transaction amount limits, recipient allowlists, approved contract registries, and time-based restrictions that align with business operations.
- Enhanced monitoring capabilities: When security incidents do occur, rapid detection and response are critical. The 2022 Ronin bridge incident, where $625 million was compromised but not discovered until six days later when users reported withdrawal issues, illustrates the importance of robust monitoring systems.
These areas represent opportunities for organizations to strengthen their transaction security posture while maintaining operational efficiency.
GateSigner: Implementing frameworks for advanced transaction security
Chainalysis Hexagate is proud to launch GateSigner, a purpose-built security layer that acts as a real-time transaction firewall. GateSigner simulates transaction outcomes and cross-reference transaction details against threat intelligence databases, which includes validating recipient addresses, analyzing smart contract calls for expected behavior, and identifying patterns that deviate from normal operational parameters.
If detected, Chainalysis Hexagate will block risky transactions and provide a key checkpoint for signers before acting on a transaction. GateSigner brings ease of mind to multi-signature transaction signing workflows.
Organizations looking to enhance their transaction security can use GateSigner to advance security in their transaction processes:
- Implement monitors in Hexagate that automatically evaluate each transaction against a wide range of security vulnerabilities across governance, financial, phishing, cyber threats, and more.
- Configure out-of-the-box monitors or create custom ones that evaluate spending thresholds, approved recipient lists, smart contract interaction policies, operational time windows, and more. These policies can be tailored to match specific organizational requirements while providing consistent enforcement.
- Easily integrate with partners like Safe and Fireblocks, or through API. Utilize integrations with popular wallet infrastructures for fast deployment.
- Access comprehensive, easily interpretable transaction summaries that clearly communicate the business impact and technical details of each transaction. This includes decoded smart contract interactions, recipient validation, and clear business justification for each approval request.
- Access real-time visibility into transaction flows, policy compliance, and potential security events. This creates multiple layers of oversight and enables rapid response to any irregularities.
The path forward: Strategic implementation
The crypto industry is increasingly recognizing the value of sophisticated transaction security frameworks as operations mature and regulatory expectations evolve. While building comprehensive security infrastructure may seem complex, emerging solutions are making enterprise-grade capabilities more accessible to organizations of various sizes.
Modern transaction security platforms are designed to integrate with existing infrastructure while providing the advanced capabilities outlined above. These solutions serve as intelligent gatekeepers that enhance rather than replace existing multisig frameworks, providing additional layers of verification and control.
For organizations evaluating their transaction security posture, the strategic approach involves assessing current workflows, identifying specific areas for enhancement, and implementing solutions that provide measurable improvements in security and operational visibility. The goal is to transform transaction approval from a trust-based process into a comprehensive verification framework that provides confidence in every transaction—a transformation that GateSigner makes possible.
As the industry continues to mature, organizations that proactively strengthen their transaction security frameworks will be better positioned to operate safely at scale while meeting evolving security and compliance requirements.
Explore GateSigner here.
This website contains links to third-party sites that are not under the control of Chainalysis, Inc. or its affiliates (collectively “Chainalysis”). Access to such information does not imply association with, endorsement of, approval of, or recommendation by Chainalysis of the site or its operators, and Chainalysis is not responsible for the products, services, or other content hosted therein.
This material is for informational purposes only, and is not intended to provide legal, tax, financial, or investment advice. Recipients should consult their own advisors before making these types of decisions. Chainalysis has no responsibility or liability for any decision made or any other acts or omissions in connection with Recipient’s use of this material.
Chainalysis does not guarantee or warrant the accuracy, completeness, timeliness, suitability or validity of the information in this report and will not be responsible for any claim attributable to errors, omissions, or other inaccuracies of any part of such material.